On the one hand, if Jo Average will be rejected after the first interview, when his age and other potential problems will become apparent, some could argue that the external databases saved him and the company a lot of time and grief. [The fact that the action may not be legit for the company is addressed below.] The same could be said for a bad credit report, attendance at a lesser regarded school or work for a company that came under scrutiny. If the use of these tools for specific protected information are attacked by legislation, the data vendor could suffer from loss of income. If the hiring company is shown to have used prohibited information, it could be sued. Jo just wants a job.

Looking at the paradigm from these three points of view — hiring company, data vendor, and Jo — we see a range of actions interesting to privacy professionals.

Hiring company — need communications to employees and applicants that are in line with practices. If the policy says that information will not be used except as allowed by law, the employee bulletins or training should inform hiring managers that they cannot use protected information from any source, including the internet. If applicants are told that they can challenge this information (as in some notices), the information must be captured in a way that it can be presented. In the best cases, the company receives information for hiring from such companies in a way that protected information is screened and that information used to reject the candidate is captured in a succinct way (arrest records, regulatory complaints, etc.) I have not yet seen an ideal notice that would work across industries, but it may address how and why social media and other external sources will be used, if the company decides that it can open this channel.

Data vendor — I am not close enough to know what is currently happening. However, in earlier versions of this “dance”, the industry leaders (through a trade association) developed guidelines and standards for members to adopt. Experience with implementing and following these standards informed later legislation and regulation in a way that meaningful controls were put into place without causing undue harm to valid pursuits. There are many examples, but current work on internet advertising, longtime work of the direct marketing (in the US and Europe) are some examples.

Jo, the applicant — As with any other hurdle, Jo has taken some of the first steps by not flagging his age and doing some diligence on the external information. He must also put himself into the shoes of the hiring company and raise and answer objections that may arise. This may be done best by moving as much as possible out of the straight jacket of the resume and into a cover letter where Jo has a better chance of addressing why he should be one of the top candidates — experience; knowledge of the company; knowledge of the industry; personal and professional contacts; hit the ground running. He may also need to think in advance of how to address hard questions such as younger people who may be willing to put in more hours at a lower salary. He may be more efficient, more accurate (less risky) and good at mentoring young workers. He may even offer to “opt in” to more information about his private life. If skills may be a question, he may better off showing his skills in a blog or other demonstration of keeping up with what is going on. Therefore, lack of internet presence may be as much a negative as any information contained in a professional site. Some who have taken themselves off of the grid in a reaction to one problem are sometimes surprised by the lack of engagement in other areas.

The privacy professional needs to address similar conflicts when a person gets a larger discount offer (or any offer) based upon this kind of information whether a lower interest rate on a credit card, a super saver day at the local supermarket or an invitation to a free lunch. All play the benefits of efficiency (more information) against fairness (same offer for all). As time for decision making, corporate margins, and reluctance to receive offers that will not pan out grow, all of us may need to play a part in creating a world where this additional information leads to fairness and more productive dialogues.

That said, we must all watch out for the Jo Average Jr’s of the world, especially during this transition. Are we making it easy for those unaccustomed to this transition to get a fair break. Do we inform them of the tools we use so that they can make appropriate corrections (and restrict internal use to what we say)? Do we provide channels, such as letters outside of the computerized information capture, that allow them to provide information about what their unique backgrounds and experience will provide. Do we allow opt-outs from the use of external information (to make candidates more likely to apply to our company). Do we offer to provide information about what types of information we received that resulted in a rejection (with an ability for a rebuttal)?

Unfortunately, few of these are in place today. That does not mean that they should not be a goal for tomorrow.

First, see this reddit post I made explaining how to remove yourself from some of the top people search websites for free: http://redd.it/j0enu

Second, check out Abine’s DeleteMe service, which is a much more reasonably-priced alternative than Reputation.com: http://www.abine.com/deleteme.

Third, as a general rule of thumb, though, be careful about who you supply your contact information to. You’d be surprised how often your information is collected: for example, when you order something online, sign up for a social networking site, send in a rebate, post a comment, or enter a sweepstakes. Use one of the many free apps out there that block online tracking and let you create alias email accounts that can’t be linked back to you. My recommendation: http://www.abine.com/apps.php

http://www.privacychoice.org/disconnect

same day but not same way… time flies but UE and US keep really different approaches. This is logical considering the different conception of privacy but still sometimes confusing.

The answer is quite simple. They want to sell your details to as many people that request it as possible before you actually get a sniff of what’s happening.

This is FB’s way of squirming through loopholes.

je souhaiterais beneficier des des nouveaux amendements de Face book sur une Fan Page.
Comment faire ???

Depuis les nouveaux profils et nouvelles fan pages, mon nombre de visiteurs à fortement diminuer et je pense que c’est lié…

Merci d’avance pour votre aide.

What about the fanpage ?

I like the direction the Article 29 working group is going, but there are still a number of problems.
The first and most basic is a definition of RFID. I can’t find one in the various documents, although I admit there may be something there I missed. Creating a definition is amazingly difficult and can become technical to the point that people without a proper engineering background cannot possible understand. The Article 29 Working Group seems to be talking about small passive RFIDs, but there are also active RFIDs where the energy source is not in the reader, but in the “tag.” Trying to distinguish devices such as garage door openers, cell phones, laptop computers, etc is quite a drafting problem. The devices are better viewed as a continuum than separate categories. Still, regardless of the level of difficulty, this is something that has to be tackled by regulators or it will result in confusion and litigation.

I note the usual problem of requiring deactivation of RFIDs at a consumer’s request at point of sale seems to be mitigated by the exemption if a PIA determines that the RFID does not represent a likely privacy threat. However, there still seem to be a series of unnecessary disclosures regarding the PIA that have to be made to the consumer even in this situation. The best example is your car key. As I understand the Framework, your car key is in category 2 because each one contains an RFID and people carry them around. The range of the RFID is very short and the information contained is a number – there is no personal information. If the number on your key RFID does not match the reader that is part of your vehicle’s ignition system, your car won’t start. This is an anti-theft measure. Similarly, there is an RFID in your tire (often as part of the valve stem) that senses the tire pressure and transmits the information to a reader in the vehicle so the pressure (or in some vehicles just a problem with the pressure) can appear on the instrument panel. This is obviously a safety feature. There is no personal information involved, but as I understand the Framework, since car keys are carried around with people, the useless disclosure of how all of this works and the results of the PIA will have to be revealed to generally uncaring consumers. Further, who is the Controller or “RFID Operator”? The vehicle manufacturer? The first car dealer? the used car dealer? The previous owner? The RFID system suppler? This particular requirement, whatever it actually means, seems to add cost to business without adding any value to the privacy of individuals.

I believe the Framework goes in the right direction, but still needs work.