July 13, 2011
Should I disclose personally identifiable information on applications?
Q: I’ve been applying for both full-time and contract opportunities with AT&T, and I’ve been consistently hearing that it requires my social security number on any application. One agency, which was in India, asked me to send my full name, address and SSN via email. I offered to text it to the person I was speaking with, but she said she didn’t have a cellphone.
I contacted the state attorney general’s office, and its response was along the lines of: “You would have to give them your SSN anyway if you got the job.” Further investigation showed that the company that developed the recruiting software wrote it to require the full nine digits. I know that Microsoft uses the last four digits of candidates’ SSN to verify eligibility. What are your thoughts?
-- S.G., Bellevue
Kristen says: I contacted a recruiting manager at AT&T via LinkedIn to ask about this, but never heard back. So I checked with several of my recruiting communities. Apparently, this has always been the practice with AT&T.
From a security standpoint, entering personal information into a corporate website is fairly secure. There is a heightened risk with third parties, however, especially overseas.
AT&T has a list of preferred vendors at att.jobs/contractors/. If an agency that isn’t on this list contacts you, I would not communicate with it. Given AT&T’s potential T-Mobile acquisition, a lot of telecom professionals are going to be applying for jobs locally in the near future.
Many companies have a system in place to verify former employees’ or contractors’ eligibility for rehire or assignment. A social security number is a unique identifier. Several safeguards ensure that a candidate’s privacy is protected; usually, very few people have access to this information. Personally identifiable information, or PII, is taken very seriously by companies, as any breach can be cause for a lawsuit.
Identity theft is on the rise, and phishing scams often come in the guise of “employment” inquiries via email. As a best practice, do not provide any PII if the sender refuses to tell you the name of the company he or she is working for.
If you are unsure as to the legitimacy of a particular agency, call the company it says it represents and ask for human resources, recruiting or procurement. Someone there should be willing and able to give you a list of what agencies legally provide it with candidates.
Read more
Recruiter's Inbox,
1 Comments
Leave a comment
Kristen Fife is a recruiter, resume consultant, and employment expert based in the greater Seattle area.
Salary and Benefits
How to address pay gap with the boss
Career Center Blog
Recession Generation has stories to tell, lessons to teach
Career Center Blog
Contact info: New rules for the modern job market
Cool Jobs
Model Tristyn Rowlan's cool job
Career Center Blog
Three tips to rev up forgotten resume elements
Career Center • Blog • Events
- career profile (144)
- conflict (38)
- education and training (48)
- entry level (62)
- etiquette (79)
- events (56)
- featured (225)
- finding your passion (81)
- health care (61)
- interviewing (63)
- job hunt (43)
- management (49)
- market trends (85)
- networking (212)
- resumes (79)
- salary (74)
- social media (72)
- technology (82)
- unemployment (38)
- work/life balance (78)
Kristen Fife on July 18, 2011 10:39 AM | Reply
We received the following response to this week's question. I agree that companies requiring this information put themselves at risk.
Your recent column titled “How risky is it to include personal information on job applications?” highlighted how most companies are unwittingly increasing their liability risk FOR NO BENEFIT!
Companies advertise a position and receive multiple, sometimes hundreds of applications. Yet the company has a business need to know only the social security number of the individual(s) receiving a job offer. Most companies will check references and background of the preferred applicant or make an offer contingent upon successful reference checks.
The liability risk, especially for companies that request online applications, is that all the unsuccessful applications must be retained for a set period of time defined by law. In any legal challenge the company must prove that all personal information they required is permanently secure.
No company storing applicant personal information in a computer database or file cabinet can guarantee that personal information will not be stolen.
Companies should only be requesting the absolute minimum amount of information in order to determine two business needs:
Which applicants should be considered for an interview, and
From the applicant pool, the finalists likely to be employed.
Only then is there a business need to request additional personal information.
Requiring applicants to submit their social security number and other personal information before there is a business need, is an expedient, but legally risky practice. It will take only one successful lawsuit documenting the security failure to force all companies to stop needlessly exposing themselves to an unnecessary liability.
Yours very truly,
P S
Redmond, WA