Suppose that every time you applied for a job, some guy in a little room checked an Excel spreadsheet and notified the employer: “No interview for this guy. He’s a bum.”

It’s already happening.

Several years ago I published a series of articles about identity theft via job boards, including a report about’s troubling practices by Pam Dixon from the World Privacy Forum (Click, You’re Hired. Or Tracked). Later, I published a newsletter titled Does HR go too far when screening candidates? in which HR consultant Earl Rice warned that:

“…in their zeal to protect themselves and their companies, HR departments may be covering up illegitimate and possibly illegal practices. When HR outsources background checks and investigations of candidates, is HR doing its job, or is it ensuring plausible deniability while letting loose an investigative demon that systematically violates people’s privacy and feeds the specter of identify theft?”

Trading privacy for Big Brother’s social initiative

It’s a world where Facebook routinely collects and profits from massive amounts of personal information. It’s a world where people enjoy the benefits of “social networking” and just want to keep up with their friends minute-by-minute. It’s a world where Big Brother has taught people to shrug and say, “Privacy? There’s no privacy any more. My information is in lots of databases and it’s not worth worrying about it!”

It’s a world where corporate employers are covering their legal asses while you get rejected for jobs that have long been vacant because “there’s a talent shortage.”

It’s also a world where opening a financial account in your name doesn’t take much more than your name, address, social security number (SSN), and a signature — any signature. But in today’s economy, the permissions you grant to employers when you apply for a job can continue to cost you lots of jobs — and you’ll never know it.

Let’s go back to what HR consultant Rice said back in 2003:

“If you have signed one disclosure for one employer, the investigations company that did the checks will keep the information about you in their database and then just re-sell the results to their next client.”

How does this happen? HR outsources the investigations, and the third party investigations company owns the information it gathers about you. The next employer rejects you for the same reasons the last one did. Were those reasons legit?

“This total invasion of privacy beyond your wildest dreams (actually, nightmares) is outsourced. The worst part is that much of the data and information these outsourced security agents collect is erroneous.”

You sacrifice privacy; employers buy legal protection

But while you’re giving up your privacy for certain “social” benefits (like the ability to apply for a job), employers are capitalizing on the holes you just punched in your life. Then, those same employers are buying legal protection in case you sue them for peeking through the holes. Rice reiterated that the quality of information about you in those databases isn’t the issue; insulation of employers from legal liability is the issue. Rice warned warned that an employer’s intentions could be far more complex:

“This is an industry that is almost totally unregulated. The multiple levels of outsourcing and subcontracting yield enough plausible deniability to the companies themselves,  and their clients, that abuses run rampant.”

Are employers using third parties to distance themselves from legal liability when checking you out? Who’s responsible for auditing and tracking the use and security of personal information an employer gathers about you?

Like many people, I put all this aside and chalked it up to Big Brother’s ubiquitous presence in our lives… the Internet, after all, is the Big Brother we’ve invited into our lives, choosing to accept the quirks of his behavior in exchange for all the social gifts he bears.

The little man who controls your career

That’s how I compartmentalized it all, until a reader sent me the story of his recent experience with a major American corporation with operations around the world. The reader is a 20-year veteran of the information technology field, and has more than a passing knowledge about security. Read it and decide how worthy a trade we’re making — some of our privacy, in exchange for the wonderful social gifts Big Brother delivers into our lives.

During Q4/2010, I was being considered for a position with [Company X]. Before I could be submitted for consideration to the hiring manager, the recruiting agency required my name and full SSN so that it could be checked against a database of Company X’s former employees. I decided to dig into their process.

Each agency was collecting names and SSNs within their offices in a spreadsheet, then submitting them periodically to a third-party agency via unencrypted e-mail attachment (Excel file). I went as far as to contact the individual at the third-party agency who was receiving and processing the queries.

He told me that he logged into a Company X mainframe application to enter the names and SSNs, then returned the spreadsheets to the agencies with a Yes or No indication for whether the candidates were acceptable to Company X on the basis of when and how they may have might have been terminated, or if his check could verify that they had never worked for Company X. He then combined each of the spreadsheets into one of his own so that he could independently track and verify the names and numbers he had already processed.

Me: “Where do you keep that spreadsheet?”

Him: “In my in-box in Outlook.”

Me: “Do you see any security risk in that?”

Him: “No, it’s just on my desktop.”

I was shocked.  That was when I decided to pass on the opportunity. I also informed the agency rep who had contacted me about the job that this was how it was being done, and while he agreed that it wasn’t very good, he had no way to change the process put in place by Company X.

All your career are belong to us

You worry that you’re too old, or that you lack the proper college degree or skills. But employers are rejecting you before they check any of your work credentials. Your career is subject to “judgments” far more stupid and unsophisticated than you could imagine — judgments that could well be incorrect, and over which you have no right of appeal.

In 1991, a poorly-translated warning appeared in a popular video game: “All your base are belong to us.” Today, the game ends for many job applicants before it even starts.  Your career belongs to the little man with the spreadsheet, who operates at legal arm’s length from the employer that rejected you. He works for an agency that is contracted by lots of employers to handle candidate investigations, and to notify employers whether you should be interviewed.

But, the business is not about hiring; it’s about selling and re-selling data about you whose accuracy you cannot confirm.

“The larger outsourced security/investigative companies have started keeping databases of their own. One advertises they have a database of over 1.5 million people for employers to run their candidates against.”

At the time Earl Rice contributed his commments to Ask The Headhunter, he was working for a major employer that outsourced background investigations to third parties that weren’t even in the United States. They were based in what we used to affectionately refer to as Iron Curtain Countries.

“They start with a name and phone number and e-mail address from a resume or application. Then, they cross-reference information until they get a date of birth or social security  number and go from there. When an applicant walks into HR for that first  meeting, they already may have been investigated. Never mind that much of the  data gathered may be erroneous. The ‘data’ was gathered at arm’s length, but the  employer will treat it as absolute fact.”

Advantage Employment Industry

Employers are ultimately responsible for the way job applicants are treated, no matter how carefully they’ve instituted legal protections by outsourcing candidate rejection. But the problem job hunters face is a systemic one. There’s an entire employment industry that now relies on Big Brother and the holes you permit in your personal privacy. Privacy expert Pam Dixon boils it down:

“The business of searching for jobs online has grown from a market niche to a multi-billion-dollar, rapidly consolidating industry that relies on the eager search activities — and employment dreams — of millions of job seekers.”

Every time a job hunter submits an application through the rote channels established by corporate HR departments, the employment industry gets paid — whether a match is made or not. The job hunter loses, and the hiring manager cries about the talent shortage. Employers give the advantage to the employment industry — a mafia of consultants and contractors who bear no responsibility, because they just manage that spreadsheet.

Every time a job hunter agrees to apply for a job via Big Brother methods, rather than through a personal contact with a hiring manager, the job hunter sets in motion the wheels of an entire data industry designed to make money — not to match people with jobs. Most of the time, the job hunter gets taken down in a drive-by data attack. The little man with the spreadsheet wears a hood, and even the employer has no idea who’s driving the data base. Or where the keys are.

The IT manager who shared the story above decided to skip the little middle man — and Big Brother. His next contact with an employer was direct, and he hasn’t submitted to a strip search of his personal information. His job search isn’t easy, but he still owns his career.

: :

  1. The privacy laws in this country need to change. Among the changes which need to be made are changing from opt-out to opt-in. Regulations should be across all communications channels, not just telco. We need to be a bit more like France.

  2. Pretty good article.

    Yet another reason why the “talent shortage” doesn’t exsist. And also why I hate sending my resume to random job ads especially when you hear nothing back.

  3. Interesting, mind boggling and an out right shame! Privacy laws are going to get worse not better. With the new heath bill coming down the pike employers will know EVERYTHING about you. Oh! they claim the opposite..but how’s it been working out for us all so far? Hmmm?

  4. I have discussed this point time after time with my law professors regarding the legality/reality of job seeker privacy. I have also commented on this blog about the fact that employers can get around any legalese to justify (and deny) unethical practices. I find job boards especially culpable. I refuse to apply for a position through a job board (i.e., Jobfox, Ladders) that forces me to upload my resume and build a profile before I can apply for the job or give them my phone number to text me when a potential company wants to contact me. Job seekers who don’t know better are fooled by the promise of being 85% more likely to get an interview. Buy any so called professional service like resume writing does not get you 75% more interviews as promised but more likely 75% LESS interviews because you have given them the information that can and will be used against them. It makes me wonder what the cost of a resume is based on how many times it is sold and resold. For job boards it’s a sellers market and selling they are.

    Company privacy policies are simply a requirement for companies who gather information. Most promise they will keep your information for their use only – but that can walk a thin line in interpretation. A privacy policy can be generated from a template where all they have to do is fill in the blanks. How many candidates read the Privacy Policy link before they apply? Probably very few because in order to submit the resume for an opening they must agree to the terms and conditions. It makes me wonder whether or not hitting the “submit” button automatically sends the information to the little man in the hood who has the spreadsheet.

    The EEOC can’t keep up with the pace to which companies are able to cover up illegal actions because the policies in place are archaic and don’t cover the practice of identity theft via job application. There is no “Life Lock” for job applicants. Maybe there should be.

  5. @Laurie,

    You’ve raised a very important point. As soon as you give your resume to someone you don’t know (easy, via a job board, when employers pick it off without your knowledge after paying for the right to “search the database”), you are left without the power to defend that resume.

    The sale and resale of resumes is how job boards make money. E.g.: Company A wants to recruit on its own website. It doesn’t want to manage this. So it contracts management of its company jobs area to Monster. Monster dumps all the company’s job listings into its own database, and also sucks up all incoming applicants’ resumes. You don’t think Monster then sells access to all that data to other employers and job hunters?

    This is how companies wound up getting inappropriate applicants in the Ladders story I published earlier this year. Their candidate-sorting overhead went through the roof when Ladders started posting the positions on its own site — charging its customers — without having any deal at all with the employer in question! Ladders was scraping those jobs. Worse, the company was getting applicants via Ladders whose salary levels were not even a match to the jobs — and candidates who were unaware their resumes were in the Ladders database.

  6. Key in a lot of this is the assumption that these databases never make mistakes. I blogged about just such a mistake…

    Watch Your Back(Ground)

  7. It seems to me, from a pure “shareholder value” perspective, that every time the man with the spreadsheet checks “no”, there is a nearly 100% potential for a subsequent sale. The key is to work the area between “due diligence” and “robo-checker” to make maximum profit for the investigative firm!