Don't Blame Recruiters for ID Theft
John Sumser's series on information security raises the question of whether the recruiting industry contributes to identity theft and other social ills:
Like incriminating information left on MySpace, most job hunters have no idea what risks they expose themselves to when they send out a resume. Identity theft is an insidious thing. It results in clogged email boxes and spam filters long before it causes a bank account drain. The impact is slow and hard to relate to the actual sending of a resume.
It's not that I don't care about security, but framing the question this way feels a little like blaming Sony for a a break-in because they make televisions that people want to steal. If I go to the bank and say my name is Jack Welch and ask to withdraw $10,000, and the bank gives it to me, that's not Jack Welch's fault. If they ask me what my last job was, and I say, "CEO of General Electric," it's also not Jack's fault. If I apply for a credit card from MBNA, write "Jack Welch" on the application, and they let me run up $10k in charges, guess what? It's still not Jack Welch's fault.
The data that lives on an average resume has always existed in the realm between that which is considered private or public by law or custom. If you're famous, everyone knows your job title and who you work for. But the same is effectively true if you're a greeter at Wal-Mart. This information has never been private, it's just traditionally been hard to find, and the scarcity of it meant those who had it (e.g. headhunters with a killer Rolodexes) held it very closely.
There are a long list of reasons why we legally protect information like medical records. However, the biggest and best reason to argue for keeping resume data private isn't that a resume contains information that is embarassing, incriminating, or otherwise uniquely privileged*. It's because lenders are allowed to make it my problem to solve when they lend money to someone who says their name is Colin Kingsbury and proves it by giving them a bunch of information anyone can find by Googling my name. Businesses are almost endlessly imaginative when it comes to figuring out how to make money. I live in Boston. If someone opens a credit card account in my name at a Nine West store in Los Angeles and charges $800 of high heels on it, it shouldn't be my responsibility to prove it wasn't me. Put the onus on the lender to know who they're lending to, and you'll see these problems get better, and fast. Resumes should have nothing at all to do with it.
* Resumes can indirectly contain one piece of information that deserves to be considered private: the fact that someone may be looking to leave their current job. This, however, has nothing to do with identity theft.
Colin,
it is what the Recruiters do/and don't do with the information they are privvy to that causes the problem!
Also, let's not forget that Recruiters are also privvy to information of candidates Who Don't utilize job boards, who don't have their information plastered all over the net..
There are different Calibers of recruiters in this industry. Some who come into it hoping to earn a fast buck and don't have an IOTA of professionalism, education, knowledge, integrity, training, and IMHO common sense..
Many of these indivduals idea of recruiting is submitting information that they garnished from unsuspecting candidates in Confidentiality and trust to every Tom, Dick and Harry that they find on the internet.
I have personally heard of situations where recruiters have submitted these resumes to individuals without ever once stopping to determine the legitimacy of the company, and candidates went into interviews for fraudulent jobs, gave out to much information and unfortunately they became victims (one recruiter in NJ is currently being sued for her lack of thorough investigation of the company that she submitted the candidate to.. )
Candidates do need to be educated indeed, but so do recruiters. The issues of just spamming individuals information just because you got it isn't as kosher as it used to be..
Posted by: Karen m | September 12, 2007 at 01:57 PM
Interesting, but it has nothing to do with my post.
Posted by: Colin Kingsbury | September 12, 2007 at 02:14 PM
guess between the title and sumser's article link, I misunderstood..
Thanks
Karen
Posted by: karen m | September 12, 2007 at 08:14 PM
Great article Colin. As a victim of financial identity theft I completely agree with your thinking. If a lender or creditor extends a line of credit to an identity thief because they failed to verify and validate the identity theft victim's credentials, they should be held responsible, not the victim! You noted "because lenders are allowed to make it my problem to solve when they lend money to someone who says their name is Colin Kingsbury and proves it by giving them a bunch of information anyone can find by Googling my name." I couldn't agree more Colin. I've shared my personal identity theft story at http://identitythefthurts.com/
Posted by: John Barksdale | October 09, 2008 at 09:20 AM