Online resumes may lead to identity theft, shows study

A case of stolen identity sounds glamorous, but according to a recent report, it can start with something as mundane as an online resume.

The Denver-based Privacy Foundation, a consumer advocacy group, released a report last week citing evidence that some of the biggest job Web sites in Canada and the United States may be guilty of selling and distributing personal information found on resumes.

Pam Dixon is a research fellow who worked on the study along with several others from the Privacy Foundation and has authored several books promoting online job searching. She said she was surprised when she conducted her own experiment with online resume posting. She posted 25 resumes with “very specific” identifiers and set up a telephone account for those resumes. Shortly after, she began to receive telephone calls from telemarketers.

“The first thing I found that surprised me was the industry-wide problem of resume theft and the subsequent issue of identity theft,” she said. She added that while problems can start off as just being annoying – such as receiving junk mail – it costs as little as $10 for someone to match information like names and addresses to social insurance numbers.

“It really is a much larger issue than many have given it credit for,” Dixon said. “It’s a big problem.”

Not so at, said Gabriel Bouchard, Canadian vice-president and general manager of the largest online job shop.

“It’s totally safe,” Bouchard said from his Montreal office. “We have over a million Canadians who subscribe to and we haven’t had one single complaint in regards to delivering our privacy policy. The reason for that is that we don’t sell, we have never sold, and will never sell any information that you can find in a resume, despite what it says in that report.”

The Privacy Foundation report, called “Click, you’re hired. Or tracked…A report on the privacy practices of,” charges that the company may save some resumes sent to them, break down the information and keep it even after it has been deleted by the job seeker. It also shows that resumes on some corporate Web sites using technology similar to’s may be sent to Monster without permission. According to the report, company officials have discussed seeking fees from job seekers as well as selling resume data to marketers.’s privacy policy promises to provide a safe, secure user experience visit to and the company doesn’t disclose information provided, Bouchard said. It also advises users to beware of Web sites that request information like Social Insurance or credit card numbers.

“ was the first with a privacy policy in 1997,” he said. “Our philosophy is to give full control to the job seeker and reassure them that Monster will never sell any confidential information. What is in there (the report) is not supported by thorough research and is totally incomplete in terms of information.”

Melanie Osowiec, an HRMS PeopleSoft analyst, said that while The Privacy Foundation report may make her “think twice” about posting her resume again, she will continue to use online job Web sites. She started posting her resume online about two years ago and she found her current job at Rogers Communications that way. Osowiec continued that she doesn’t feel threatened by identity theft because most job sites have privacy policies that keep her resume private.

“I guess I just don’t worry about it,” she said, adding that her resume is still posted on about 20 sites. “I can’t imagine my identity being stolen.”

Osowiec admits that she may be “more naive than some people” because she uses her credit cards online to buy things, but said she is very aware of her credit situation and would know immediately is someone was using her private information.

“Maybe it’s because I’m in Canada that I don’t feel as threatened,” she said. “Maybe I would if I were someplace else.”

However, some other Canadians are taking identity theft seriously. The RCMP and Ontario Provincial Police recently launched a program to monitor fraud involving stolen identities. An estimated 3,000 cases of this sort of fraud have occurred so far this year. However, the OPP are only investigating Web sites that ask people for information that includes birth dates, credit card numbers and Social Insurance Numbers, which does not.

“Because of the way Canadians think, you seem to have more of a sense of privacy than Americans,” Dixon said. “Ultimately, that probably puts you at less risk because you are more likely to do something about it because of a more European view of privacy actually mattering to you. But right now, Canadians are at equal risk if they are posting a resume online.”

Dixon suggests job seekers attempt to find more local job Web sites, which are less likely to distribute information.

“If you are unemployed, it is very difficult to get a job without posting your resume,” she said. “The real solution is for people to e-mail the resume right to the contact at companies. If you can avoid posting, do.”