I'm job hunting at the moment and I've come across several potential employers that have PDF's that you would download, fill in, and then email to them. I feel EXTREMELY uncomfortable sending my personal information such as name, address, phone number, work history. etc through such insecure methods, never mind my SSN or similar sensitive information. I feel like this is a major personal security risk for myself. Is it? If so, how can I make that clear to them while still maintaining my eligibility for employment?
asked Jun 28, 2015 at 6:54 Douglas Gaskell Douglas Gaskell 1,229 3 3 gold badges 10 10 silver badges 15 15 bronze badgesI feel like this is a major personal security risk for myself. Is it?
It may be. You may not be targeted specifically, but "email is a private as a postcard". (Not enough reputation for a link, but it's googleable.)
If so, how can I make that clear to them while still maintaining my eligibility for employment?
I would've called my contact person and explained that I'm a security conscious person and that I don't feel comfortable with sending all that information over the Internet. I would then ask if there is another way for them to recieve it, or if they could wait until an in-person interview.
It may also be illegal for them to require you to send it over unecrypted email, depending on which state you are in. I'm neither a US citizen or a lawyer, but this came to mind:
answered Jun 28, 2015 at 12:08 216 1 1 silver badge 4 4 bronze badges1798.85. (a) Except as provided in this section, a person or entity may not do any of the following: [. ] (3) Require an individual to transmit his or her social security number over the Internet, unless the connection is secure or the social security number is encrypted.
An address and phone number is one thing. In certain cases, this might be considered public information, think about a telephone book.
I agree with you that submitting your SSN is a bit tricky, to say the least. I can imagine that once you're hired you are required to submit this information.
In my opinion there is no need to supply this kind of sensitive information up front. I suggest to tell the possible employer(s) that this information will be given in person if it comes to a contract.
In addition, try to explain to them that if this kind of information falls in to the wrong hands, it can be used to perform identity theft. Try saying it in a way where you don't say that you don't trust them, but that you don't trust sending this information over the internet.
Is this a major security risk?
I think the likelihood of your traffic being sniffed is quite low. Apparently you're quite security aware. In addition, you could tell the employer(s) you only want to send this information encrypted by using PGP (or GPG) for example.
My personal concern would be where this information is stored. I've done some research about CV's and passports being stored on web servers, the results are scary.