Users of online job services lack privacy protection

Job seekers who go to online sites to look for employment run a considerable risk of having their personal information improperly sold, shared or used for profiling purposes.

That’s the finding of a yearlong study on the privacy practices of job-related Web sites that was released this week by The World Privacy Forum, a privacy rights organization in San Diego.

The study of more than 70 online job sites, employment kiosks, resume databases and resume distribution services has revealed problems such as the sharing and sale of job-seeker data and undisclosed tracking and profiling of users, according to primary researcher Pam Dixon.

“We really need a whole new way of talking with job seekers about how they can look for jobs and not get (their personal information) tracked, diced and sliced in multiple ways,” Dixon said.

A tendency to collect too much information, a lack of consistency in handling ethnic and racial data, overuse of cookies, and frequent sharing of data with third parties and advertisers were other problems identified in the survey.

Companies that allow potential hires to file job applications online aren’t faultless either, Dixon said. Often they fail to mention that their sites are outsourced to third parties that may have privacy policies that are different from their own.

The rapid proliferation of employment application job kiosks inside shopping malls and retail stores also presents a problem because few of them post any privacy policies when collecting confidential information, Dixon said.

One example highlighted in the study was Portland, Ore.-based Unicru Inc., which is the largest operator of these kiosks. Unicru’s clients include Woonsocket, R.I.-based pharmacy chain CVS Corp.

A Unicru spokesperson said the company’s practices meet legal guidelines.

In some cases, information that was collected for one purpose was being used for other purposes, the study said., a scholarship search service owned by Maynard, Mass.-based Monster Inc., collected information on ethnicity, nationality and religion from students for scholarship purposes but then shared the information with employers looking to diversify their workforces.

A spokesperson for FastWeb said that in all instances in which such information was passed on to an employer, it was done only with the full consent of the students.

Another example cited in the report was Cambridge, Mass.-based Eliyon Technologies Inc., which maintains profiles of over 16 million individuals from over 1 million companies. The profiles are used by 25 of the Fortune 100 firms in their recruitment processes.

But Eliyon doesn’t have a formal privacy policy, offer an opt-out policy or give individuals a chance to correct the information in its database, Dixon said.

Jonathan Stern, CEO of Eliyon, dismissed the concerns and said the information in the company’s databases is compiled from publicly available records.