Confidential details unsafe on job sites, says study

Job seekers who register with employment websites run a considerable risk of having their confidential information improperly...

Job seekers who register with employment websites run a considerable risk of having their confidential information improperly sold, shared or used for profiling purposes, a study claims.

The World Privacy Forum, a new privacy rights non-profit organisation studied more than 70 online job sites, employment kiosks, CV databases and CV distribution services for a year.

The forum uncovered several issues of concern for job seekers, including the sharing and sale of their personal data and the undisclosed tracking and profiling of users.

"We really need a whole new way of talking with job seekers about how they can look for jobs and not get tracked, diced and sliced in multiple ways," said researcher Pam Dixon.

Among the privacy problems identified in the survey were the following:

There appeared to be little effort to restrict the collection of data on online job sites. Job seekers were routinely asked to provide a substantial amount of personal information that sometimes included their social security number and date of birth before they could submit applications.

There were no consistent policies when it came to the collection and use of ethnic and racial information.

The use of third-party persistent cookies has increased. A job seeker's confidential data was frequently passed on to third parties and advertisers.

Even when they give consent, job seekers often may not realise the full extent to which their data is being used because job search sites have become much more sophisticated about finding legal ways of sharing job-seeker data.

The rapid proliferation of employment application kiosks inside shopping centres and stores also presents a problem from a privacy standpoint, Dixon said. Few have any privacy policies explaining how information such as social security numbers, birth dates and other pieces of personal information will be used or stored.

Unicru, one of the largest operators of such kiosks in the US, did not post privacy policies at any of its kiosks before, during or after personal information was collected, Dixon said.

Unicru's list of clients includes CVS, Universal Studios and Blockbuster.

However, a Unicru spokeswoman defended the company's practices.

"Unicru fully meets all federal guidelines with regard to hiring for each of its customers. While there are no current rules or regulations requiring a privacy statement on a job application, Unicru does recommend to its customers, as a best practice, that they have such a policy," she said.

Unicru processes on average one job application every second.

In some cases, information collected for one use was actually being used for other purposes., a major scholarship search service owned by Monster, for instance, collected ethnic, nationality and religious information from students, which it then shared with potential employers looking to fill positions based on diversity.

A spokesman from FastWeb said that in all instances where such information was passed on to an employer, it was only with the full consent of the students.

"We have looked into this in depth. We ensure that we are compliant with every issue in question," he said.

The privacy policies of companies which maintain personnel databases used for recruitment at some companies are also suspect, Dixon said.

Eliyon Technologies in the US, for example, has compiled a database of more than 16 million names from more than one million companies. The database contains detailed profiles of individuals which Eliyon sells to companies, including 25 Fortune 100 firms.

But Eliyon does not have a formal privacy policy, does not offer an opt-out policy and does not offer individuals a chance to correct the information in the database, Dixon said.

In at least one case during the study, personal information - including the names of children - was included in an individual profile.

Eliyon chief executive officer Jonathan Stern dismissed the concerns and said the database only contained publicly available information gathered in Google-like fashion from multiple internet sources.

He claimed that all the company does is search the web for public mentions and records pertaining to an individual, adding that some records which are publicly available, such as legal records, are not included in the individual profiles, he said.

Despite such concerns, the news was not all bad, according to Dixon.

Since the last survey, which was conducted in 2001, there have been several improvements. Most job sites are now posting privacy policies and have a fairly good process for responding to privacy-related queries.

Similarly, fewer sites require users to register before providing access to job ads, and more sites are allowing anonymous access to job listings, she said.

Jaikumar Vijayan writes for Computerworld

Read more on IT jobs and recruitment