Who comes first, my boss or my company?

On March 28, 2016

In the March 29, 2016 Ask The Headhunter Newsletter, a reader goes up against her boss and wonders how to stay out of trouble.

Question

My boss just told us that it’s mandatory for us to join a closed LinkedIn group, on which she will give us work assignments — for instance, shared reviews of resumes or other documents or topics that she feels will enhance our knowledge by group sharing.

company_secretsI have no problem doing this via work e-mail, but to be forced to join a social media group — where what we post can be mined, according to one of my clients — is tantamount to agreeing to LinkedIn’s terms and conditions, none of which I have been able to see.

Maybe I’m being cynical, but I think that my 30-something boss wants to make a splash for her own career via becoming the leader of a LinkedIn group. I don’t know if she has thought this through.

I am also concerned for my own professional status. Frankly, I don’t know what behaviors the 20-somethings in the group are up to, and I’m not sure I want to be linked publicly to them. My co-workers are spread across the country, and I’ve never met some of them. Those that I’ve met (only virtually) I barely know. 

I just un-joined the group. Who comes first? My boss or my company?

Nick’s Reply

LinkedIn is not an online work collaboration platform, though I know this social networking site has experimented with the idea. There are many good collaboration systems that your boss could use (Microsoft Office 365, Google For Work, Slack) but this isn’t one of them.

I don’t think you’re being too cynical. Your guess about your boss’s motivations for getting you all into a LinkedIn group could be correct – she may be trying to build her network. More important, I think you’re right to worry about your company.

Information you and your co-workers post on a LinkedIn group would likely be mined and sold by LinkedIn. Your boss may not realize that this could have serious privacy implications, including violation of your company’s confidentiality and intellectual property policies.

Check your boss

I don’t know how big your company is, but I’d consider paying an in-person visit to HR. Without mentioning your boss or this project, I’d ask:

“If I wanted to set up an online collaboration area where my co-workers and I and our clients could post and exchange company documents that we can all work on, would company policy permit that? I’ve come to you because I’d never do anything like this without first checking the policy.”

My guess is HR will tell you, No way!

Then you have to find a diplomatic way to tell your boss. Or to tell HR what your boss is up to.

One way to do this might be to explain to your boss that you spoke to HR because you wanted to know the policy about how you should register on LinkedIn for this project since you’d be posting company work. That’s a legit concern that has nothing to do with you thwarting your boss.

Then you’d probably have to explain to your boss: “It turns out HR is worried about something far bigger: confidentiality of company data.” Then your boss can save face, drop the whole idea, and possibly avoid getting fired, too.

Suggest some alternatives

Quickly research some of the mainstream collaboration platforms available to your company, including free ones. Take a look at Microsoft Office 365, Google For Work and Slack. When you talk to your HR department, ask whether any of these are approved for company use. Then mention these to your boss. If her real goal is collaboration, you may save the day.

My guess is that your boss is merely very naïve. Putting your concerns about your own privacy aside, I think your bigger worry should be potential violation of your employer’s policies about proprietary and company confidential information being disseminated on the Internet. That liability would be on you. And that’s not to say your personal information wouldn’t be compromised, too. LinkedIn has been in some serious legal controversies concerning misuse of customer information. (See LinkedIn Users Sucker-Punched by Wrong References and LinkedIn: Busted for U.S. wage law violations, sued for “injury” to users.)

LinkedIn is not a collaboration system, where company and user data is protected, so I don’t know how your boss got this idea. LinkedIn is a public sewer of personal information and misinformation, in addition to being a potentially useful database about people. (Yes, I think it’s both. LinkedIn needs to clean up its act.)

You can see my cynicism. And I understand yours. I think you can help your boss by suggesting that LinkedIn be used the way it’s intended — or in whatever way makes most sense to your company — and by getting your HR department’s blessing before posting company information online.

Have you ever had to buck your boss to protect yourself or your company? How did you do it? Was HR helpful? Where should an employee draw the line when instructed to do something questionable?

: :

Back to Top

Wanted: HR exec with the guts to not ask for your SSN

On December 1, 2014

In the December 2, 2014 Ask The Headhunter Newsletter, a job seeker hesitates to hand over a Social Security number:

Question

The more I read your columns, the more I realize that the employment process is not just broken. It’s inappropriate and run by people who think they can demand anything from people who need a job. Like private, personal information you’d never just hand over to anyone.

I viewed an employment application yesterday and I didn’t have issues with most of what tssnhey asked for, until I got to the request for my SSN. What do they need that for? My thinking is that providing your SSN would only be appropriate if and when you are hired. In your opinion, when would it be acceptable to provide your social security number (SSN) to a potential employer?

Nick’s Reply

Employers, like your phone company and gas company, use your SSN to identify you in their databases because it’s a unique number. It’s the lazy vendor’s way to track customers, and the lazy HR department’s way to track job applicants. And it’s frankly irresponsible.

Here’s what Pam Dixon, Executive Director of the World Privacy Forum, says:

“Never put a Social Security Number on your resume. You can provide it when you are invited for an interview or when the employer obtains your permission to conduct a background check. Widespread access to your SSN puts you at risk for identity theft.”

(So, uh… do employers ever conduct background checks before meeting you, or without your permission? Yep. For an example, see Big Brother & The Employment Industry: “All your employment are belong to us!”)

I know many HR workers will shake their heads and say I’m being overly cautious, and that they really do need a job applicant’s SSN. So here’s my challenge: Give me one good reason why an applicant’s SSN is necessary to proceed with a job interview.

I’ve asked this question of HR again and again, and no one has been able to answer it satisfactorily. We’ve already discussed how this “SSN protocol” has spawned unintended scams: How employers help scammers steal your Social Security number.

If it needs a unique identifier, why doesn’t the employer just ask for your credit card number? For that matter, why don’t you — the applicant — ask the HR representative for his SSN, as well, so you can do a background check on him? (Two can play this game, if one thinks he can justify it.)got-guts

Yes, these are rhetorical questions — but they’re no nuttier than improper requests for your SSN.

I don’t believe any employer really needs your SSN until you are hired, when it’s necessary to process and report your contributions to your social security account. If the employer needs it to conduct a background check, wouldn’t you want the employer to put some skin in the game first — for example, by actually interviewing you and indicating it’s interested in hiring you? I’d take that a step further and ask the employer to (1) disclose exactly what kind of check it’s going to do, and (2) agree to show you everything it finds. (Even credit bureaus are required to show you what they find. Which reminds me: You should be just as wary of requests by employers for your credit report: Presumptuous Employers: Is this HR, or Proctology?)

If you think my suggestions are a bit over the top, then try responding to the employer with these two businesslike questions: For what reason do you need my SSN? Or, What are you going to do with it?

The reality is, some software designer included an SSN field in the employer’s database, and the HR department bought the software without questioning the design and intent. Because HR relies on such software to process you, HR doesn’t know what to do if you decline to provide data the software “requires.” Go figure. Suppose the software included a credit card field instead — that’s unique to you, too, right? But no one would expect you to provide it, because the employer doesn’t need it.

I feel your pain. Some employers will boot you out of the hiring process if you don’t give them your SSN (and your salary history) — just like a phone or cable company will refuse to sell you service without it. I wish someone would file a lawsuit.

When you’re stuck, blocked by a faceless job application form that asks inappropriate questions, there’s just one thing left to do: Go mano a mano. Yes, I’d call the employer — on the phone — and explain that you’d like to apply, but that you will provide your SSN only if you are hired. “So, how do we proceed with my application?”

Of course, HR might have a problem dealing with a human applicant, and it may have a policy against talking to applicants on the phone. Hey — where did you get HR’s private phone number, anyway…?

Do you hand over your SSN when applying for jobs? Is there an HR executive out there with the guts to stop asking for job applicants’ SSNs until after HR has decided to make an offer?

: :

Back to Top

Big Brother & The Employment Industry: “All your employment are belong to us!”

On November 2, 2011

Suppose that every time you applied for a job, some guy in a little room checked an Excel spreadsheet and notified the employer: “No interview for this guy. He’s a bum.”

It’s already happening.

Several years ago I published a series of articles about identity theft via job boards, including a report about Monster.com’s troubling practices by Pam Dixon from the World Privacy Forum (Click, You’re Hired. Or Tracked). Later, I published a newsletter titled Does HR go too far when screening candidates? in which HR consultant Earl Rice warned that:

“…in their zeal to protect themselves and their companies, HR departments may be covering up illegitimate and possibly illegal practices. When HR outsources background checks and investigations of candidates, is HR doing its job, or is it ensuring plausible deniability while letting loose an investigative demon that systematically violates people’s privacy and feeds the specter of identify theft?”

Trading privacy for Big Brother’s social initiative

It’s a world where Facebook routinely collects and profits from massive amounts of personal information. It’s a world where people enjoy the benefits of “social networking” and just want to keep up with their friends minute-by-minute. It’s a world where Big Brother has taught people to shrug and say, “Privacy? There’s no privacy any more. My information is in lots of databases and it’s not worth worrying about it!”

It’s a world where corporate employers are covering their legal asses while you get rejected for jobs that have long been vacant because “there’s a talent shortage.”

It’s also a world where opening a financial account in your name doesn’t take much more than your name, address, social security number (SSN), and a signature — any signature. But in today’s economy, the permissions you grant to employers when you apply for a job can continue to cost you lots of jobs — and you’ll never know it.

Let’s go back to what HR consultant Rice said back in 2003:

“If you have signed one disclosure for one employer, the investigations company that did the checks will keep the information about you in their database and then just re-sell the results to their next client.”

How does this happen? HR outsources the investigations, and the third party investigations company owns the information it gathers about you. The next employer rejects you for the same reasons the last one did. Were those reasons legit?

“This total invasion of privacy beyond your wildest dreams (actually, nightmares) is outsourced. The worst part is that much of the data and information these outsourced security agents collect is erroneous.”

You sacrifice privacy; employers buy legal protection

But while you’re giving up your privacy for certain “social” benefits (like the ability to apply for a job), employers are capitalizing on the holes you just punched in your life. Then, those same employers are buying legal protection in case you sue them for peeking through the holes. Rice reiterated that the quality of information about you in those databases isn’t the issue; insulation of employers from legal liability is the issue. Rice warned warned that an employer’s intentions could be far more complex:

“This is an industry that is almost totally unregulated. The multiple levels of outsourcing and subcontracting yield enough plausible deniability to the companies themselves,  and their clients, that abuses run rampant.”

Are employers using third parties to distance themselves from legal liability when checking you out? Who’s responsible for auditing and tracking the use and security of personal information an employer gathers about you?

Like many people, I put all this aside and chalked it up to Big Brother’s ubiquitous presence in our lives… the Internet, after all, is the Big Brother we’ve invited into our lives, choosing to accept the quirks of his behavior in exchange for all the social gifts he bears.

The little man who controls your career

That’s how I compartmentalized it all, until a reader sent me the story of his recent experience with a major American corporation with operations around the world. The reader is a 20-year veteran of the information technology field, and has more than a passing knowledge about security. Read it and decide how worthy a trade we’re making — some of our privacy, in exchange for the wonderful social gifts Big Brother delivers into our lives.

During Q4/2010, I was being considered for a position with [Company X]. Before I could be submitted for consideration to the hiring manager, the recruiting agency required my name and full SSN so that it could be checked against a database of Company X’s former employees. I decided to dig into their process.

Each agency was collecting names and SSNs within their offices in a spreadsheet, then submitting them periodically to a third-party agency via unencrypted e-mail attachment (Excel file). I went as far as to contact the individual at the third-party agency who was receiving and processing the queries.

He told me that he logged into a Company X mainframe application to enter the names and SSNs, then returned the spreadsheets to the agencies with a Yes or No indication for whether the candidates were acceptable to Company X on the basis of when and how they may have might have been terminated, or if his check could verify that they had never worked for Company X. He then combined each of the spreadsheets into one of his own so that he could independently track and verify the names and numbers he had already processed.

Me: “Where do you keep that spreadsheet?”

Him: “In my in-box in Outlook.”

Me: “Do you see any security risk in that?”

Him: “No, it’s just on my desktop.”

I was shocked.  That was when I decided to pass on the opportunity. I also informed the agency rep who had contacted me about the job that this was how it was being done, and while he agreed that it wasn’t very good, he had no way to change the process put in place by Company X.

All your career are belong to us

You worry that you’re too old, or that you lack the proper college degree or skills. But employers are rejecting you before they check any of your work credentials. Your career is subject to “judgments” far more stupid and unsophisticated than you could imagine — judgments that could well be incorrect, and over which you have no right of appeal.

In 1991, a poorly-translated warning appeared in a popular video game: “All your base are belong to us.” Today, the game ends for many job applicants before it even starts.  Your career belongs to the little man with the spreadsheet, who operates at legal arm’s length from the employer that rejected you. He works for an agency that is contracted by lots of employers to handle candidate investigations, and to notify employers whether you should be interviewed.

But, the business is not about hiring; it’s about selling and re-selling data about you whose accuracy you cannot confirm.

“The larger outsourced security/investigative companies have started keeping databases of their own. One advertises they have a database of over 1.5 million people for employers to run their candidates against.”

At the time Earl Rice contributed his commments to Ask The Headhunter, he was working for a major employer that outsourced background investigations to third parties that weren’t even in the United States. They were based in what we used to affectionately refer to as Iron Curtain Countries.

“They start with a name and phone number and e-mail address from a resume or application. Then, they cross-reference information until they get a date of birth or social security  number and go from there. When an applicant walks into HR for that first  meeting, they already may have been investigated. Never mind that much of the  data gathered may be erroneous. The ‘data’ was gathered at arm’s length, but the  employer will treat it as absolute fact.”

Advantage Employment Industry

Employers are ultimately responsible for the way job applicants are treated, no matter how carefully they’ve instituted legal protections by outsourcing candidate rejection. But the problem job hunters face is a systemic one. There’s an entire employment industry that now relies on Big Brother and the holes you permit in your personal privacy. Privacy expert Pam Dixon boils it down:

“The business of searching for jobs online has grown from a market niche to a multi-billion-dollar, rapidly consolidating industry that relies on the eager search activities — and employment dreams — of millions of job seekers.”

Every time a job hunter submits an application through the rote channels established by corporate HR departments, the employment industry gets paid — whether a match is made or not. The job hunter loses, and the hiring manager cries about the talent shortage. Employers give the advantage to the employment industry — a mafia of consultants and contractors who bear no responsibility, because they just manage that spreadsheet.

Every time a job hunter agrees to apply for a job via Big Brother methods, rather than through a personal contact with a hiring manager, the job hunter sets in motion the wheels of an entire data industry designed to make money — not to match people with jobs. Most of the time, the job hunter gets taken down in a drive-by data attack. The little man with the spreadsheet wears a hood, and even the employer has no idea who’s driving the data base. Or where the keys are.

The IT manager who shared the story above decided to skip the little middle man — and Big Brother. His next contact with an employer was direct, and he hasn’t submitted to a strip search of his personal information. His job search isn’t easy, but he still owns his career.

: :

Back to Top