How Safe is Your Employment Application Data? 74
Carlos asks: "I recently returned to the U.S. after working overseas for the past 16 years. As I visit job sites and corporate sites, I'm finding two issues with applying online I hope Slashdot readers could comment on. I understand security and background checks are important to most employers. However, it seems to me that far too many online applications are asking for sensitive data, such as my social security number and driver's license number. How long is my data stored in their database? Who has access to such data? It seems that every month we hear about a company that has customer/client data stolen or mishandled. I feel that such data shouldn't be required during 'step one' (ie filling out the initial online account in the career section). I'll provide such data when I've been contacted by a staff for an interview. Do Slashdot readers simply bypass such employers, or do they just hand over their identity?"
Another point relates to the pages upon pages we have to endure with an online application. Some companies make the process smooth, for example using a form of OCR with an uploaded resume. There's nothing worse than getting to step 9 (out of 20 steps) and getting a timeout error in your browser. I hope HR people who are reading this, will take a closer look at their employment process. I'm sure some readers might say, 'They make the process hard on purpose — weeding out the lazy applicants.' I fully understand this point and I'm not looking for an easy way into a company, but filling out 20 step applications at 30 companies a day, everyday, can eat a lot of time when hunting for a position."
3P's (Score:3, Insightful)
They get the SSN when you get a job. Your license number isn't really sensetive.
I don't give a fuck about... (Score:3, Insightful)
Re:3P's (Score:4, Insightful)
Yes, this is true, but they don't need that info until they draw up the offer letter.
Re:technically illegal (Score:3, Insightful)
license number sensitivity (Score:3, Insightful)
I'm not sure if I agree. I think the issue here is that you can't predict who is using the license number and how, and frankly, I don't think people have become particularly creative with misusing the license number (which, in most states, if not all states, is a fixed number.)
I think this will become an issue with time. It's becoming a back up to the SSN, and since it seems to be on the same path that the SSN was on in the late 70s/early 80s, then I'm going to safely bet that in the next 10 years or so that you're going to have to end up protecting your license number in the same way you protect your SSN.
Re:3P's (Score:5, Insightful)
Yes, this is true, but they don't need that info until they draw up the offer letter.
Nice thought, but if you are filling out job applications on-line you are most likely not in the position to set any conditions (as opposed to using a headhunter or contacts within the company, in which case you aren't seen as riff-raff off the street.)
I'd also add that with most companies, withholding any information they ask for will raise a red flag. If you don't provide a SSN or license number or whatever else when asked they will immediately assume you have something to hide-- such as a criminal history, a DUI, heavy outstanding debts or a lien against your wages, or the lack of legal work status. Asserting that they do not have the right to ask can just mark you as "trouble"... Companies don't tend to like employees who know their rights and take a stand to protect them.
I'm not saying it's right, but that's the way it is. They're looking for any reason they can NOT to hire you and refusing to play along will seriously hurt your chances. Telling them they can't have your SSN until you get a contract or serious offer will, in most cases, mean you won't get it at all.
Re:I made changes (Score:3, Insightful)
It sounds like your experience is another example of pain from putting sensitive information on-line (in this case, on Dice) without fully appreciating the possible results. That in turn is an example of a wider problem: giving up sensitive information to anyone who doesn't have a vested interest in storing, using and destroying it properly.
An entire generation is about to learn from this mistake, but probably suffer its consequences for much of the rest of their lives. I imagine the problems will eventually get so bad that privacy/data protection starts to become a headline grabber and failing to respect them becomes culturally unacceptable. International agreements with far more teeth than today's will follow, and sooner or later, something like a class action identity theft lawsuit with huge punitive damages will put the fear of God into any organisations that don't comply properly. This may actually happen in a few years, if current trends continue. But for now, the only smart thing to do is be very careaful about what information you give to anyone.
Oh, and in case anyone hadn't guessed: my answer to employers who want sensitive information up-front is to skip them. It's not a universal practice, I won't support it, and most importantly, this means I'll never suffer the consequences of screw-ups by a random organisation I once applied to.
Re:3P's (Score:2, Insightful)
If we all did that, they wouldn't have much choice, would they? Not asserting your rights to avoid raising red flags will cost you those rights. We protect our rights by using them, and if the company thinks you're some kind of criminal for it, then we need to send the collective message of "screw you". If we accept this kind of treatment, then we shouldn't complain when the rights are removed off the books. In other words "quitchebellyachin'". The power is ours to lose. "That's the way it is" shouldn't mean just "lie down and enjoy it". We should set the rules, not them.
Better employment strategies (Score:2, Insightful)
It is a far better use of your time to talk with the people who would become your future co-workers.
Additional Rule of Thumb: The company/agency will be as careful with your application data as it will be with your employee data.