Job seekers who register with employment websites run a
considerable risk of having their confidential information
improperly sold, shared or used for profiling purposes, a study
claims.
The World Privacy Forum, a new privacy rights non-profit
organisation studied more than 70 online job sites, employment
kiosks, CV databases and CV distribution services for a year.
The forum uncovered several issues of concern for job seekers,
including the sharing and sale of their personal data and the
undisclosed tracking and profiling of users.
"We really need a whole new way of talking with job seekers about
how they can look for jobs and not get tracked, diced and sliced in
multiple ways," said researcher Pam Dixon.
Among the privacy problems identified in the survey were the
following:
There appeared to be little effort to restrict the collection of
data on online job sites. Job seekers were routinely asked to
provide a substantial amount of personal information that sometimes
included their social security number and date of birth before they
could submit applications.
There were no consistent policies when it came to the collection
and use of ethnic and racial information.
The use of third-party persistent cookies has increased. A job
seeker's confidential data was frequently passed on to third
parties and advertisers.
Even when they give consent, job seekers often may not realise the
full extent to which their data is being used because job search
sites have become much more sophisticated about finding legal ways
of sharing job-seeker data.
The rapid proliferation of employment application kiosks inside
shopping centres and stores also presents a problem from a privacy
standpoint, Dixon said. Few have any privacy policies explaining
how information such as social security numbers, birth dates and
other pieces of personal information will be used or stored.
Unicru, one of the largest operators of such kiosks in the US, did
not post privacy policies at any of its kiosks before, during or
after personal information was collected, Dixon said.
Unicru's list of clients includes CVS, Universal Studios and
Blockbuster.
However, a Unicru spokeswoman defended the company's
practices.
"Unicru fully meets all federal guidelines with regard to hiring
for each of its customers. While there are no current rules or
regulations requiring a privacy statement on a job application,
Unicru does recommend to its customers, as a best practice, that
they have such a policy," she said.
Unicru processes on average one job application every
second.
In some cases, information collected for one use was actually being
used for other purposes. FastWeb.com, a major scholarship search
service owned by Monster, for instance, collected ethnic,
nationality and religious information from students, which it then
shared with potential employers looking to fill positions based on
diversity.
A spokesman from FastWeb said that in all instances where such
information was passed on to an employer, it was only with the full
consent of the students.
"We have looked into this in depth. We ensure that we are compliant
with every issue in question," he said.
The privacy policies of companies which maintain personnel
databases used for recruitment at some companies are also suspect,
Dixon said.
Eliyon Technologies in the US, for example, has compiled a database
of more than 16 million names from more than one million companies.
The database contains detailed profiles of individuals which Eliyon
sells to companies, including 25 Fortune 100 firms.
But Eliyon does not have a formal privacy policy, does not offer an
opt-out policy and does not offer individuals a chance to correct
the information in the database, Dixon said.
In at least one case during the study, personal information -
including the names of children - was included in an individual
profile.
Eliyon chief executive officer Jonathan Stern dismissed the
concerns and said the database only contained publicly available
information gathered in Google-like fashion from multiple internet
sources.
He claimed that all the company does is search the web for
public mentions and records pertaining to an individual, adding
that some records which are publicly available, such as legal
records, are not included in the individual profiles, he
said.
Despite such concerns, the news was not all bad, according to
Dixon.
Since the last survey, which was conducted in 2001, there have been
several improvements. Most job sites are now posting privacy
policies and have a fairly good process for responding to
privacy-related queries.
Similarly, fewer sites require users to register before
providing access to job ads, and more sites are allowing anonymous
access to job listings, she said.
Jaikumar Vijayan writes for Computerworld