I just would like to point out that
none of the accounts I was forced to create for job applications so far had any options for multi-factor authentication or for deleting the account.
And all of the accounts I was forced
to create for job applications so far required to enter very sensitive information that was completely unnecessary to require.
@Em0nM4stodon That sounds horrible. It's stories like that, that makes me really like the GDPR and similar initiatives. They may not be perfect, but they're a hell of a lot better than nothing at all.
@Em0nM4stodon And if you get the job, you will be forced to program just that kind of stuff. Because it's in the DNA of the company. Are you sure you are the right candidate? 😆
Wish you good luck, your vision of things is more than OK. 👍
@romainbecker Hopefully I will get hired to give privacy recommendations instead and help them correct this atrocity before they get a hefty fine, a lawsuit, or a data breach followed by multiple lawsuits.
@Em0nM4stodon yeah it’s crazy. I’ve had the same experience and I use unique disposable email addresses on my own server. So I know a few of the companies that took my information have had data breaches for sure.
Luckily, 95% of online accounts I’ve ever created, I’ve created with misspelling and fake details. Even in doctors’ and radiology online systems (not the surgeries themselves), libraries, and job applications. Unless there’s some legal obligation that means it needs to be correct (and can’t be corrected later) they can talk to my friend “Norbert Harrison”.
Which I guess explains why I have no idea of my date of birth or my password reset questions for my current role. Seems the IT systems updated from the original application. I had to manually fill forms and correct details on my offical offer for my actual employment contract so that’s correct, but I’ve definitely minimised my exposure :)
@Em0nM4stodon
It's actually surprisingly hard to change that. Companies and organisations are often tied to their HRIS (HR information system) for their application platform. And if those companies don't offer those options, they're out of luck...
@jarjan The fight against this should be much stronger from the people who do have power or influence over this. This can't be the battle of the applicants.
@Em0nM4stodon
I fully agree!
I'll try to do my part. At my work I'm involved in the project to implement a new HRIS. This issue is going to be on my list to put on the table.
@Em0nM4stodon Because the recruiting and HR space is horribly broken and will only get worse as ML model usage increases.
My previous job was in the recruiting space and job ads, and I can tell you that the main reasons that they ask for this information is to feed their increasingly automated ML-driven screening and matching behavior. They want that information to localize their searches and match you to positions for which you're qualified (which includes location). It's all about information gathering from as many sources as possible to feed the models.
The job advertisers also want that information so that they can immediately disqualify people based on where they live or for a whole host of other arbitrary criteria so that their HR people don't "waste time" on looking at resumes that don't fit their desired profile.
However, most of them should have a "delete me" requirement based on the CCPA regulations that went into effect (I think) last year? If they're not already in effect, they will be this year (again, I think). In any case, there should be a "delete my information" request that you can file somewhere on the website, and then they have 45 days to remove it (ostensibly).
@SynAck Most of what I've seen so far had privacy policies and terms of service that include a contact for deletion request but this is too much on the user. Data deletion should be 1) available instantly from the account without emailing anyone and 2) automatic without request after a short period of time.
@Em0nM4stodon in Australia our privacy system, if you can call it that, allows these companies to also keep the data for at least seven years without consequence if they mishandle it. We have Koalas though.
@Em0nM4stodon we're looking at implementing a new recruitment system at my uni, and the privacy and records policy people actually made sure "right to delete" went into the requirements, because there's a strong legal obligation backing it. Hadn't come across anyone doing that before.
@Em0nM4stodon what's equally bad are the sites companies hire to do background checks. Like no way am I giving the keys to the entire kingdom to these guys who have no way of deleting my data immediately after completing the check.
My experience at a very large telecom was that HR routinely got away with IT, data, and software practices that were against security policy. And when called on things like safe storage of PII, were somehow immune to their clear policy violations.
I don't know if it's like that everywhere, but I suspect more often than we'd like to think.
@Em0nM4stodon it’s all terrible. My guess is that you’re talking about WorkDay sites, which I hated filling out so much that I made a TamperMonkey/GreaseMonkey script to do it for me. It seemed to work about 80% of the time…
Also made one for the EEO info on Lever job applications, but that one is far less annoying. Check them both out here if you’re interested.
@Em0nM4stodon
I know!! Since it's all online, why the f*ck do they need your home address or phone for the initial application that probably thousands of people submit to. At one point I probably sent out over 100 resumes. It makes me feel sick.
@lin11c@Em0nM4stodon They are using it to run a shadow background/reputation check, in a way that skirts consumer protection laws on credit reporting agencies. Or prediscriminating on postal code or phone area code before you get the chance to disclose any protected demographic information.
@Em0nM4stodon@lin11c My understanding is that it's intended for their "Recommendation engine" about which additional jobs to suggest to you - since they have to be in your area anyways -, or if they need to know if you can do in-person stuff in the area.
It is a little annoying though, and as I say that, they probably should secure the information better.
If for no other reason than to avoid it showing up in a major leak.
@AT1ST@Em0nM4stodon
Exposing this information in a leak is likely. My health insurance company, old employer, Equifax (FFS), LinkedIn... so many others have been compromised. This information should be deleted after your application is submitted. You should NOT be forced to create an account just to apply.
@lin11c@Em0nM4stodon Yeah, it's a little annoying trying to apply on LinkedIn using Easy Apply, only to find most companies want you to re-enter all your data again on their site in a new account (Or an existing account from last time, but...with updated information of course because it fell out of sync.) - and it's annoying that they insist on holding onto that information for like a year or more.
@AT1ST@Em0nM4stodon
Who does facebook sell it to? Or any of the other data brokers? This is just something that we plebs don't understand fully. They feed it into a big machine somewhere. Now of course it is for training AI. 🤮
@lin11c@Em0nM4stodon My understanding is that it's usually sold to advertisers, but...the unemployed are pretty hard to advertise to, given that they probably don't have money to spend on non-essential items.
@Em0nM4stodon one of my bank's websites is annoying... their validation JavaScript doesn't notice when the password is auto filled and then the pepper added unless you hit tab and enter in exactly the right sequence
@frost@Em0nM4stodon hypothetically, what if the site instead linked to a short series of computing puzzles (suitable for the role in question) and whoever solved them first was hired, unconditionally? Obviously some sort of verification and AI defense needed... but in principle? I know of an org that did something like this to hire interns and it worked out really well.
Oh no, I think this would be really bad and always favor the most privileged who can afford to be free at this exact time and have been informed of it at the exact right time. A system like this would really ramp up the biases and push out even more the marginalized. Timed-based tests are always very bad for this.
Add comment