“Job candidates are willing in this market to give any information they can that would help them get a job,” said Ellen B. Vance, an HR consultant and auditor who advises companies on how to safeguard applicant and employee information.
The instinct is natural, but it can leave you vulnerable to identity theft. Lax security by some employers has left resumes and job applications full of sensitive, personal data such as Social Security numbers, maiden names and drivers’ licenses easily accessible to computer hackers and identity thieves.
Government regulations and lawsuits have motivated employers to take the issue seriously, but many employers’ resume databases remain vulnerable to data breaches, and it can be hard to tell which ones are safe.
To protect yourself from becoming the victim of a data breach, sometimes it’s best just to say no. For example, Vance, senior consultant and advisory services practice leader at Titan Group, an HR consultancy in Richmond, Va., recommends that, before receiving a job offer, job seekers should omit any fields on forms that ask for sensitive information such as Social Security numbers.
“It’s OK to leave that blank and say you’d be happy to provide that at time of hire,” said Vance. “There’s nothing a prospective employer needs that data for.”
“I think the candidate is perfectly OK to say, ‘The reason I ask that is I’m very cautious, based (on) what I see in the media, about identity theft.’ ” Vance said. “You can do it in a way that’s not confrontational.”
Lorne Epstein, a recruiter with 13 years of resume-review experience and creator of InSide Job, a Facebook community of job seekers, also suggests that job candidates who want to protect their confidential data should leave their home address completely off their resumes. “Mostly people are getting communicated with by e-mail and by phone” anyway, she said.
Another way to help protect your resume from identity theft is to stay away from sketchy job listings, many of which breed on unmonitored sites such as Craigslist, said Rachel Rice-Haase, human-resources and marketing coordinator for Oberstadt Landscapes & Nursery Inc., in Fremont, Wis.
To identify legitimate job listings, use reputable sites and look for job postings that identify the company posting the listing. “If you\’re not sure whether it’s a bona fide (listing), don’t apply,” Vance recommended. “Or send a request for additional information.”
Vance also encourages job seekers to use a separate e-mail account for their job search so they can isolate their e-mail, both for security purposes and to keep track of job correspondence.
Once a job offer comes, candidates should also avoid providing copies of documents used for I-9 purposes, such as passports or birth certificates. Employers can legally record the documents’ information, but don’t hand over photocopies that can be mishandled.
Oberstadt’s Rice-Haase recommends that applicants using recruiting firms ask up front, “How much of my personal info is being given away?” And, “Do you really need to do a background check?” she said. “The recruiting company should have a sign-off, but they don’t necessarily always (mind) all their Ps and Qs.”