Candidate Data Vault Contract Profile v0.1 draft. Profile of the AI Procurement Decision Card v0.3 vault-contract surface scoped to candidate + employee + contingent-worker data categories. Names what tokenized / redacted / pseudonymized / cleartext access an AI employment tool (AEDT) may have to which HR-data category, under which
consent_basis, with what retention envelope, and aligned to EEOC + ADA + NYC LL 144 + IL 820 ILCS 42 + MD HB 1202 + OFCCP expectations.
Part of the Kinetic Gain Protocol Suite. Closes the HR Tech 6-pack.
Status: v0.1 draft. Profile at
profile.json, canonical example atexamples/momentumhr-vendore-hireassess-decision-card.json.
Four categories default to tokenized-and-not-as-model-input-by-default — the strongest protection level — because each is subject to either statutory prohibition, state-specific restriction, or ADA confidentiality:
video-interview-biometric-features— MD HB 1202 prohibits facial-recognition during pre-employment interview without explicit written consent + waiver. Default: not extracted.credit-check-report— CA, CO, CT, HI, IL, MD, NV, NJ, OR, VT, WA + NYC + Philadelphia + Chicago + DC restrict employer use for non-financial-services positions. Default: not collected.social-media-scrape— Multiple states prohibit employer-demanded social-media-access. Default: not collected.protected-class-self-id-data— EEOC + OFCCP require segregation from selection process. Default: used ONLY for downstream bias-coverage measurement + EEO-1 reporting + OFCCP AAP.reasonable-accommodation-request+ada-medical-documentation— ADA 42 USC §12112(d) confidential medical record. NEVER a model input.
candidate-application-submitted · candidate-aedt-notice-acknowledged (NYC LL 144) · il-820-ilcs-42-video-interview-consent · md-hb-1202-facial-recognition-consent-and-waiver · employee-employment-agreement-signed · ada-accommodation-confidentiality-agreement · judicial-order-or-subpoena
The vault contract MUST include ada_accommodation_pathway with five flags:
alternative-selection-process-offeredscreen-reader-compatible-process-availableextended-time-pathway-documentedhuman-reviewer-pathway-documentedaccommodation-decision-not-bound-to-original-ai-tool-output
The last flag is critical: if the candidate requests accommodation, the AI tool's prior output cannot constrain the accommodation pathway's outcome.
vendor-soc2-type2 · vendor-contract-with-audit-rights · vendor-nyc-ll-144-bias-audit-report · vendor-eeoc-ai-guidance-attestation · vendor-data-residency-attestation · vendor-subprocessor-list-with-notice-window · vendor-ada-accessibility-attestation (WCAG 2.1 AA conformance)
All retention envelopes include litigation-hold-trumps-deletion-trigger boolean. EEOC charge investigations, OFCCP compliance evaluations, and private litigation all can extend the recordkeeping floor beyond the otherwise-applicable 29 CFR §1602.14 + state minimums. The contract must clearly indicate which categories' deletion triggers are subordinate to litigation holds.
examples/momentumhr-vendore-hireassess-decision-card.json — MomentumHR Inc.'s Decision Card for VendorE HireAssess v2.x:
- 10 data categories mapped with explicit protection levels + consent bases + retention envelopes per category.
- 6 of those 10 explicitly marked
tokenized-and-not-as-model-input-by-default(biometric features, credit check, social media, protected-class self-ID, accommodation request, ADA medical doc). - Full ADA accommodation pathway with all 5 flags asserted.
- 7 vendor due-diligence artifacts referenced including NYC LL 144 bias audit report.
- 4 ongoing conditions including quarterly ADA pathway review.
This is the Decision Card that the employment-decision-record-audit-stream canonical example references via decision_card_ref, the employment-candidate-bias-coverage-lab bundle reviews under the "annual-nyc-ll-144-bias-audit" condition, and the employment-ai-incident-card-profile incident references via affected_decision_card_ref. The HR Tech 6-pack now closes the loop — every artifact references every other artifact via shared identifiers.
| Repo | Role |
|---|---|
decision-card-spec |
Base spec |
employment-decision-record-audit-stream |
Audit events bound to this Decision Card |
employment-candidate-bias-coverage-lab |
Bias-coverage bundle the annual NYC LL 144 audit condition references |
employment-ai-incident-card-profile |
Incident Cards that reference this Decision Card |
eeoc-readiness-evidence-bundle |
Broader EEOC readiness bundle this Decision Card is filed under |
state-employment-ai-disclosure-tracker |
Identifies which state's obligation set applies on the issued_at date |
phi-vault-contract-profile |
Sibling HealthTech vault contract |
pii-student-vault-contract-profile |
Sibling EdTech vault contract |
mls-data-access-vault-contract-profile |
Sibling PropTech vault contract |
policyholder-data-vault-contract-profile |
Sibling InsurTech vault contract |
HR-Tech-readiness scaffolding for AI Procurement Decision Card vault-contract evidence specific to candidate + employee + contingent-worker data. Supports an employer's program toward EEOC AI Guidance May 2023 readiness, Title VII / ADA / ADEA / GINA recordkeeping readiness (29 CFR §1602 minimums), OFCCP federal-contractor recordkeeping readiness (41 CFR Part 60-1.12 + 60-2 + 60-300 + 60-741), NYC LL 144 AEDT vendor due-diligence readiness, IL 820 ILCS 42 video-interview-AI consent readiness, MD HB 1202 facial-recognition consent-and-waiver readiness, and CO SB 24-205 consequential-decision impact-assessment readiness. Does not by itself establish compliance with any statute. Per the standing public-language guardrail: readiness · evidence · posture · controls · scaffolding — never "EEOC-compliant" or "NYC-LL-144-attested" without an external attestation.
MIT — see LICENSE.