2003 Job Search Privacy Study: Best Practices for Job and Career-Related Sites
Report home | Read the report (PDF) | Previous section | Next section
- Clear, conspicuous, and abundant posting of a privacy policy. Fair Information Practices dictate that privacy policies should be posted at or before data is requested of a job applicant or site visitor. And the policies should be posted at every page information is requested of a job seeker.
- Apply Title VII of the Civil Rights Act vigorously. Don’t hide behind new technologies that allow for an “end run” around the precise stipulations of this critically important standard. While it is possible for sites to get around Title VII issues today due to “targeting” technologies, it is not desirable whatsoever on a societal or individual level. Every site must state voluntary submission of Title VII data, and must keep that data separate from applications – even if that data is submitted electronically.
- Use of session cookies only. Some of the largest sites on the Internet, such as Amazon.com, use session cookies only. There is no intrinsic need for job sites to be allowing long-term cookies from their sites or from third parties.
- Follow the NAI Agreements. If third party advertisers are allowed to deposit cookies on visitors’ computers, then link to that advertisers opt-out cookie, or the NAI agreement page, if applicable. If a third party advertiser wants to deposit a cookie that does not allow opting out, don’t use that advertiser.
- Resume posting areas should be off-limits to advertisers and other third parties. This is especially true if the site is using GET commands or putting any information that reveals an applicant has posted a resume on a site in a URL where a third party can pick it up using simple computer coding. This is an unfair monetization of job seeker activities on job sites. Job seekers should have the right to look at job ads and post resumes without sharing that information with advertising companies or other non-employment related third parties present on the site.
- Use the OECD privacy policy generator to check compliance level. Even if you already have a privacy policy, you can use this tool to check your privacy policy for full compliance with and inclusion of each of the 8 internationally accepted principles of Fair Information Practices. The OECD principles have an excellent balance of free flow of information and privacy protection.
- Re-evaluate Affiliate Marketing Policies. If affiliate marketing is available, consider vetting those who market the site and creating a code of conduct for them. For example, sending deceptive e-mails to job applicants is a good thing to prohibit.
- Use clear, direct wording in privacy policies. Tricky privacy policy wording will eventually catch up with a business. A cleverly worded policy may allow a site or business to sell or share applicant data without too many applicants catching on. However, someone somewhere will catch on, and then the loss of consumer trust is very challenging to regain.
- Don’t use offline data sources to correlate information in the resume database or email contact list. Even if you disclose this practice, it is a highly negative consumer practice.
- Prior to adopting industry standards, involve and solicit meaningful input from a coalition of privacy, consumer advocacy, and labor organizations. Too often technical and other industry standards have been developed with little to no input from a broad coalition that allows for supporting consumer and broader labor interests.
- Guard fairness standards in the modern job search. While sites may well exist to make a profit, there is another much larger and more significant side of the story; that is, a job search infrastructure must be fair and must be experienced as fair by the job seekers who are forced to use it.
Roadmap: 2003 Job Search Privacy Study – Job Searching in the Networked Environment: Consumer Privacy Benchmarks: VIIII. Best Practices for Job and Career-Related Sites