Tag Archives: privacy

LinkedIn: security, privacy and CVs

15 Dec

I realise that in my last post on the LinkedIn CV generator I finished sounding quite negative about LinkedIn, which doesn’t feel fair. The trouble is, as soon as you start thinking about privacy, about a website holding large amounts of your personal details, you can’t help but start feel threatened – particularly due to Facebook and Google’s cavalier attitude to their users. But is privacy something we really need to worry about?

Yes is the short answer, if you take this stories like this into account:

The owner of XY Magazine and its associated website – which catered for young homosexual boys – filed for bankruptcy earlier this year.

XY’s creditors have applied for the firm’s one remaining valuable asset: its database of one million users.

Although the move has been opposed by the US government no less, the possibility of a distressed company being forced to sell off data is still there and I have heard of it happening before (frustratingly can’t find the reference). What if the data had been less sensitive? What if it was already considered to have been publicly published in some form? Do you know where your data being stored? Is it in your own country or another jurisdiction? And as this story shows, even if you know who is holding your data now, and you feel happy with their User Agreement, what if they lost control of it? Do you even know what data they have stored? See LinkedIn privacy policy, Section 1J (my italics)

  • Rights to Access, Correct and Eliminate Information About You

    You have a right to access, modify, correct and eliminate the data you supplied to LinkedIn. If you update any of your information, we may keep a copy of the information that you originally provided to us in our archives for uses documented in this policy. You may request deletion of your information at any time by contacting LinkedIn customer service. We will respond to your request within 30 days.

This perhaps raises another question, relevant to career changers and those who want to substantially edit their professional image (that isn’t meant to sound sinister, I’m really thinking of students going from tentative job-seeking to settling into their career). Does it matter if your former digital identity is still stored elsewhere if no one can see it? I think it does if you don’t realise it, and I’m sure many users do not delve this deeply into the privacy policy.

Even if you set aside the risks of third-party data storage, what about the very concept of making your entire employment history public? LinkedIn does tell people they should only connect to people they know, but that does not much limit access to your profile. If you join a large group your details are shared with people you don’t know in that group. You also don’t know who your connections generally are connected to. I work on the assumption that anything I put on LinkedIn can be seen by anyone. And I wouldn’t put my full CV online in the public domain because of the risk of identity theft and fraud.

Returning again to the LinkedIn privacy policy, which I do find clearly set-out and straightforwardly written, Section 2a:

The information you provide to LinkedIn may reveal, or allow others to identify, your nationality, ethnic origin, religion, gender, age, geography, or other aspects of your private life.

LinkedIn does provide some settings allowing you to control what is visible on your public profile, but the default is openness. If you follow the encouragement of LinkedIn to upload your CV to populate your profile, and to update and fill out your details as fully as possible to use the CV tool and maximise your networking exposure, you could have a lot of personal information public before you know it.

Secondly, reading that list of information I can see elements that you would not even include on a job application. It is usually recommended that explicit statements of age and ethnic origin be omitted to mitigate both explicit discrimination and implicit prejudice (and to protect employers from accusations of such). For similar reasons, in the UK we do not usually require a photo to be added to a CV. The issue of whether this is successful in controlling discrimination is another question (especially in this open social media age), but the point is that users of LinkedIn will make this information more available simply because the boxes are there and everyone else is doing it, not because they have really considered these consequences.

I think I was always happy with using LinkedIn as an enhanced business card and a way of maintaining connections, however it is this drift towards its use as a job application tool containing full work histories that has raised my concerns. I can see why LinkedIn would want to do it – recruiters already find LinkedIn profiles a valuable source of candidates, and imagine the power LinkedIn would gain if its profiles became application currency, equivalent to CVs and application forms. It is also a very convenient tool for us, the users. But it is this very usage that substantially increases the privacy risks, as well as the increased potential for employment discrimination. As much as I love Web 2.0, it is the users who need to stay aware and protect themselves when it comes to privacy, and this does feel like an area which needs more flagging.