Job seekers who go to online sites seeking employment run a considerable risk of having their confidential information improperly sold, shared or used for profiling purposes.
That is the finding of a yearlong study into the privacy practices of online job sites released yesterday by The World Privacy Forum, a newly formed privacy rights nonprofit organization.
The study of more than 70 online job sites, employment kiosks, resume databases and resume distribution services uncovered several issues of concern for job seekers, including the sharing and sale of their personal data and the undisclosed tracking and profiling of users, according to researcher Pam Dixon.
"We really need a whole new way of talking with job seekers about how they can look for jobs and not get (their personal information) tracked, diced and sliced in multiple ways," Dixon said.
Among the privacy problems identified in the survey were the following:
-- There appeared to be little effort to restrict the collection of data on online job sites. Job seekers were routinely asked to provide a substantial amount of personal information that sometimes included Social Security number and date of birth before they could submit applications.
-- There were no consistent policies when it came to the collection and use of ethnic and racial information.
-- The use of third-party persistent cookies has increased. A job seeker's confidential data was frequently passed on to third parties and advertisers.
-- Even when they give consent, job seekers often may not realize the full extent to which their data is being used because job search sites have become much more sophisticated about finding legal ways of sharing job-seeker data.
The rapid proliferation of employment application kiosks inside malls and retail stores also presents a problem from a privacy standpoint, Dixon said. Few have any privacy policies that explain how information such as Social Security numbers, birth dates and other pieces of personal information will be used or stored.
Unicru, in the US, one of the largest operators of such kiosks, for instance, didn't post privacy policies at any of its kiosks before, during or after personal information was collected, Dixon said. Unicru's list of clients includes CVS, Universal Studios (a division of Vivendi Universal Entertainment) and Blockbuster.
A Unicru spokeswoman defended the company's practices and said they meet legal guidelines.
"Unicru fully meets all federal guidelines with regard to hiring for each of its customers. While there are no current rules or regulations requiring a privacy statement on a job application, Unicru does recommend to its customers, as a best practice, that they have such a policy," she said. Unicru processes on average one job application every second.
In some cases, information collected for one use was actually being used for other purposes. FastWeb.com, a major scholarship search service owned by Monster, for instance, collected ethnic, nationality and religious information from students, which it then shared with potential employers looking to fill positions based on diversity.
A spokesman from FastWeb said that in all instances where such information was passed on to an employer, it was only with the full consent of the students.
"We have looked into this in depth. We ensure that we are compliant with every issue in question," the spokesman said.
The privacy policies of companies that maintain personnel databases used for recruitment at some companies are also suspect, Dixon said.
Eliyon Technologies, for example, has compiled a database of more than 16 million names from more than 1 million companies. The database contains detailed profiles of individuals that Eliyon sells to companies, including 25 Fortune 100 firms.
Eliyon CEO Jonathan Stern dismissed the concerns and said the database only contained publicly available information gathered in Google-like fashion from multiple Internet sources. All the company does is search the Web for public mentions and records pertaining to an individual. In fact, some records that are publicly available, such as legal records, aren't included in the individual profiles, he said.
Despite such concerns, the news wasn't all bad, according to Dixon.
Since the last survey, which was conducted in 2001, there have been several improvements, Dixon said. Most job sites are now posting privacy policies and have a fairly good process for responding to privacy-related queries. Similarly, fewer sites require users to register prior to providing access to job advertisements, and more sites are allowing anonymous access to job listings.