Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Safe is Your Employment Application Data?

Posted by Cliff on from the is-it-really-safe-enough dept.

Carlos asks: "I recently returned to the U.S. after working overseas for the past 16 years. As I visit job sites and corporate sites, I'm finding two issues with applying online I hope Slashdot readers could comment on. I understand security and background checks are important to most employers. However, it seems to me that far too many online applications are asking for sensitive data, such as my social security number and driver's license number. How long is my data stored in their database? Who has access to such data? It seems that every month we hear about a company that has customer/client data stolen or mishandled. I feel that such data shouldn't be required during 'step one' (ie filling out the initial online account in the career section). I'll provide such data when I've been contacted by a staff for an interview. Do Slashdot readers simply bypass such employers, or do they just hand over their identity?" Another point relates to the pages upon pages we have to endure with an online application. Some companies make the process smooth, for example using a form of OCR with an uploaded resume. There's nothing worse than getting to step 9 (out of 20 steps) and getting a timeout error in your browser. I hope HR people who are reading this, will take a closer look at their employment process. I'm sure some readers might say, 'They make the process hard on purpose — weeding out the lazy applicants.' I fully understand this point and I'm not looking for an easy way into a company, but filling out 20 step applications at 30 companies a day, everyday, can eat a lot of time when hunting for a position."

24 of 74 comments (clear)

  1. WTF is this? by Anonymous Coward · · Score: 2, Funny
    I clicked on this story and I got:


    Error (page title)

    Nothing for you to see here. Please move along.


    I'm a little paranoid, so what is this supposed to tell me? My employment application data is really safe, because it isn't here to see; or, there is nothing to see because things are so bad that my data is all over the internet and I shouldn't even bother asking how many people have applied for credit in my name?
  2. 3P's by Anonymous Coward · · Score: 3, Insightful

    " However, it seems to me that far too many online applications are asking for sensitive data, such as my social security number and driver's license number."

    They get the SSN when you get a job. Your license number isn't really sensetive.

    1. Re:3P's by GMontag · · Score: 4, Insightful

      They get the SSN when you get a job. Your license number isn't really sensetive.

      Yes, this is true, but they don't need that info until they draw up the offer letter.

      --
      Eve Fairbanks says I drive a hybrid!LOL
    2. Re:3P's by meme+lies · · Score: 5, Insightful

      They get the SSN when you get a job. Your license number isn't really sensetive.

      Yes, this is true, but they don't need that info until they draw up the offer letter.


      Nice thought, but if you are filling out job applications on-line you are most likely not in the position to set any conditions (as opposed to using a headhunter or contacts within the company, in which case you aren't seen as riff-raff off the street.)

      I'd also add that with most companies, withholding any information they ask for will raise a red flag. If you don't provide a SSN or license number or whatever else when asked they will immediately assume you have something to hide-- such as a criminal history, a DUI, heavy outstanding debts or a lien against your wages, or the lack of legal work status. Asserting that they do not have the right to ask can just mark you as "trouble"... Companies don't tend to like employees who know their rights and take a stand to protect them.

      I'm not saying it's right, but that's the way it is. They're looking for any reason they can NOT to hire you and refusing to play along will seriously hurt your chances. Telling them they can't have your SSN until you get a contract or serious offer will, in most cases, mean you won't get it at all.

    3. Re:3P's by iminplaya · · Score: 2, Insightful

      Telling them they can't have your SSN until you get a contract or serious offer will, in most cases, mean you won't get it at all.

      If we all did that, they wouldn't have much choice, would they? Not asserting your rights to avoid raising red flags will cost you those rights. We protect our rights by using them, and if the company thinks you're some kind of criminal for it, then we need to send the collective message of "screw you". If we accept this kind of treatment, then we shouldn't complain when the rights are removed off the books. In other words "quitchebellyachin'". The power is ours to lose. "That's the way it is" shouldn't mean just "lie down and enjoy it". We should set the rules, not them.

      --
      What?
  3. I don't give a fuck about... by rob1980 · · Score: 2, Insightful

    My driver's license number. Every time I buy beer, or cash a check at the bank, somebody gets to see my ID anyway.

  4. You shouldn't (only) be using web pages by Telcontar · · Score: 2, Informative

    If you have 16 years of work experience, you should contact a headhunter (job agency). They should not have difficulties finding interesting positions for you. Of course some companies only hire directly. However, for all the others, a good headhunter saves you the time of going through countless web sites, only to find job descriptions that are outdated (about positions that are no longer open, even though the web page does not say that). A headhunter won't necessarily find your dream job, but an application at a headhunter costs about as much time as a real application, and can cover dozens of companies at once. This should greatly improve your odds.

    1. Re:You shouldn't (only) be using web pages by Anonymous Coward · · Score: 2, Informative

      Head Hunter != Recruitment Agents

      Hunters find good people in jobs already, Agents deal with every one. You cant contact a head hunter, they come to you.

  5. technically illegal by TRRosen · · Score: 3, Informative

    most of these are technically illegal as this information would be keys to information that is not supposed to be used in the evaluation of applications sex age race etc. Seems to me if you can't ask for someones age you really shouldn't be able to require a copy of a drivers liscence to apply!! (actually that would include age race and sex on the card)

    1. Re:technically illegal by Anonymous Coward · · Score: 3, Insightful

      technically illegal? oops looks like we have somebody without herd mentaltity applying for the position.. umm. oops.. I mean... "the position has been taken by a candidate with more on-job experience"

  6. Re:Not worried about employment application data by Anonymous Coward · · Score: 2, Funny

    At one time I walked the last part to a company building for an interview, when I passed a current colleague of mine. I just greeted him but I could see the questionmarks in his face. ... why? What was *he* doing there?

  7. Don't worry... by technos · · Score: 3, Interesting

    In the last ten or fifteen years at up to a dozen different places I've only ever seen one storage system for applicants that didn't get the job: Box in the back of a storage closet.

    No one knows it's there except the HR drone that hid them, and the closet is locked because it also contains said HR drones stash of candy and Garfield posters.

    In fact, it's probably better protected than information people want. In those same places, sales records, customer billing info and record on current employees were treated with less security.

    --
    .sig: Now legally binding!
  8. Not very. by Aeron65432 · · Score: 2, Interesting

    If this story and its' comments are to say anything, not very safe; good luck trying to get your personal data removed.

  9. Re:Not worried about employment application data by waynemcdougall · · Score: 2, Funny
    when I passed a current colleague of mine. I just greeted him but I could see the questionmarks in his face

    One of your colleages was Edward Nigma?

    I'm not surprised you were looking for another job.

    --
    Recycle PCs and build a wireless community network www.hillsborough.org.nz
  10. Be Careful of ID Theft by Anonymous Coward · · Score: 2, Interesting

    Actually I would be very wary of providing SSN, DL, DOB, or any other identifying information. It wasn't to long ago (2 months) that the FBI issued warnings about identity theives posing as hiring companies so that they could obtain your information and then use it. Be especially leary of calls/emails from supposed agencies that you did not directly apply too.

    I am sure that you are doing your homework on the companies that you are applying to. But it is necessary to restate that if you are going to ask for a job, then you should know who the h3ll you are going to work for.

    As for the poorly designed application processes, if they insist on data entry in these fields on their web forms, then use the old tried and true 999-99-9999 or some other such bogus info. I would stick to the 999-99-9999 type of entry to avoid being accused of fraud. I have heard rumors of court decissions that have supported the concept of this being a universal way of saying that you do not wish to divulge that yet. If they allow you to submit additional comments then state that the additional information will be provided when a contingent offer of employment is made.

    With ID theft such a huge issues these days, I would expect that many companies would understand your position and will attempt to assuage your concerns. Do you really want to work there if they don't?

    - Nuff said

  11. Multi-stage applications by 91degrees · · Score: 2, Interesting

    'They make the process hard on purpose -- weeding out the lazy applicants.'

    I fully appreciate this idea. Jobhunting is a two way process. I reject any company that has an annoying inflexible application process on the theory that they would be annoying inflexible companies to work for. Of course, for certain jobs, I recommend the right sort of lazy. A clever lazy person will do a job in a way that means all dependent tasks can be done in half the time.

  12. license number sensitivity by JimBobJoe · · Score: 2, Insightful

    Your license number isn't really sensetive.

    I'm not sure if I agree. I think the issue here is that you can't predict who is using the license number and how, and frankly, I don't think people have become particularly creative with misusing the license number (which, in most states, if not all states, is a fixed number.)

    I think this will become an issue with time. It's becoming a back up to the SSN, and since it seems to be on the same path that the SSN was on in the late 70s/early 80s, then I'm going to safely bet that in the next 10 years or so that you're going to have to end up protecting your license number in the same way you protect your SSN.

    1. Re:license number sensitivity by i.r.id10t · · Score: 2, Interesting

      Here in Fl. it is based on your date of birth and your full name without vowels. Had a program on my 8088 that would take that info and spit out the correct DL number, or allow you to enter a DL number and it would spit out the name (no vowels) and DOB.

      --
      Don't blame me, I voted for Kodos
  13. my experience as a criminal background researcher by Anonymous Coward · · Score: 5, Interesting

    I've been working as a criminal background researcher for a company that gets hired to do pre-employment background checks. I'd describe the security protocols as being more than lax:

    a.) I receive the lists of people to check over a non-encrypted HTTP connection. These lists include name, DOB and SSN. (I'll admit to making it worse by accessing this non-encrypted website over my neighbors open wi-fi connection.)
    b.) The background checking company gives no instructions about how to treat the data, how to destroy the data after it's been used, etc...all of which seem de rigeur in today's world.
    c.) The issues applying to a.) also apply to the government court websites used to check the data.

    Background checking companies are often just run by ex HR people, and, as you can expect, many of them are not trained in security issues like this.

  14. I made changes by HangingChad · · Score: 2, Informative

    I made changes after getting a call from a local IT services company that said they had two of me in their database and wanted to resolve the discrepancy and update my information. What made that unusual is that I'd never applied for a job with them, they were collecting the data from Dice. That was a couple years ago.

    What I started doing was stripping all the data out of my old profile and created a new one with the last name of Notdisclosed, or something like that. Then I stripped out my employer names and dates, created a new email address, and replaced my phone number with a message only number.

    I have my own company and won't be applying for jobs anymore and their data is getting older by the day. This is going to be an ongoing problem with companies mining online sources for their own systems, but who knows how good their security is? Or if they even have any?

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:I made changes by Anonymous+Brave+Guy · · Score: 2, Insightful

      It sounds like your experience is another example of pain from putting sensitive information on-line (in this case, on Dice) without fully appreciating the possible results. That in turn is an example of a wider problem: giving up sensitive information to anyone who doesn't have a vested interest in storing, using and destroying it properly.

      An entire generation is about to learn from this mistake, but probably suffer its consequences for much of the rest of their lives. I imagine the problems will eventually get so bad that privacy/data protection starts to become a headline grabber and failing to respect them becomes culturally unacceptable. International agreements with far more teeth than today's will follow, and sooner or later, something like a class action identity theft lawsuit with huge punitive damages will put the fear of God into any organisations that don't comply properly. This may actually happen in a few years, if current trends continue. But for now, the only smart thing to do is be very careaful about what information you give to anyone.

      Oh, and in case anyone hadn't guessed: my answer to employers who want sensitive information up-front is to skip them. It's not a universal practice, I won't support it, and most importantly, this means I'll never suffer the consequences of screw-ups by a random organisation I once applied to.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  15. Re:DL? pfft by silentounce · · Score: 2, Informative

    DL is also your state ID, it's not evidence of eligibility to work, but it is proof of ID... Check this out:

    http://www.uscis.gov/files/form/i-9.pdf
    That should settle the argument.

    --
    There are many tongues to talk, and but few heads to think. -Victor Hugo
  16. Better employment strategies by packrat0x · · Score: 2, Insightful

    Most jobs are found through personal networking. Online applications are a "going through the motions" task to demonstrate the company hired the "Best Qualified Applicant"--the person they already wanted to give the job to. This is also true for resume collectors.

    It is a far better use of your time to talk with the people who would become your future co-workers.

    Additional Rule of Thumb: The company/agency will be as careful with your application data as it will be with your employee data.

    --
    227-3517
  17. Re:Application by shotgun . . . by bradsenff · · Score: 2

    You missed the point.

    You would be the exception, because you knew enough about the two to determine that you *wanted* to be at Spacely. Why do you want to be at Spacely?

    Most applicants these days just blast the resume at both, hope one of em sticks and that the pay/perks/title fall within the range they can tolerate.

    My point was that most employers that are actually GOOD to employees, and who want to hire quality people, will find a way to hire you if they find you desirable. So what if Spacely has no open positions? They really think your $expertise knowledge is going to help them, and they can afford the costs involved. So they hire you. Contrary to current thinking, you can indeed run a business and afford to hire good employees.

    I guess part of the problem is that employees are just emulating the lemming nature of employers these days: employees are just a resource, to be stocked according to precise usage. Instead of finding knowledge, ability, and personality, employers are trying to find low cost, enough to get by, sheeples to fill the position only AFTER weeks of justification by lower level managers showing they simply NEED to hire a new $position. With employers acting that way, it is no wonder employees are applying without regard to the company.

    A buddy of mine applied to some ridiculous amount of places a day. So many that he didn't even know the names. Which by extension, he didn't know the *companies* he was going to spend 1/3 to 2/3 of his daily life with. When he finally did get a job, he was amazed when he found out the company was hiring back positions that left during their bankruptcy - and that the business was an "ongoing risk for failure within 30 days". Oh well - he's getting a check (for now) - thats all that matters right?

    -b