Keeping your data private has become a herculean task. For example, personal information is routinely targeted during the job search process. Most job applications require the disclosure of sensitive personal data, exposing applicants to privacy risks, including identity theft, unauthorized access to data and the misuse of information such as Social Security numbers, bank account details, addresses and birthdates. As a result, it is critical to be deliberate about sharing your personal information.

Certain state laws regulate data collection during recruitment. For example, employment agencies and services in Washington, D.C. must obtain express written authorization before sharing a job seeker’s name, home address or phone number with a third party. D.C. Code § 32-409. In Minnesota, a statute governs the privacy of drug test results by limiting testing companies to reporting only the presence or absence of drugs and prohibiting disclosure to third parties. Minn. Stat. § 181.954. In Nebraska, employers cannot require employees to waive their rights under the Workplace Privacy Act as a condition of employment. R.R.S. Neb. § 48-3504.

One growing concern is the rise of “ghost jobs,” which are postings created for positions that may not exist. These bad actors collect valuable applicant data and may sell or use it for impersonation schemes or financial fraud. Data privacy violations can also occur without malicious intent. Many employers rely on third-party screening services and grant them access to applicant data, creating additional vulnerability. Recruitment scammers contact individuals through text messages, email or professional networking platforms and encourage them to apply for fake positions. Therefore, before providing personal information, it is essential to verify the legitimacy of the job posting and the recruiter. Generally, if an offer seems too good to be true, it likely is. Job offers without interviews or unsolicited job offers should be treated with caution, particularly when they request sensitive information early in the process.

To reduce privacy risks, applicants should apply only through reputable platforms, limit disclosures to what is strictly necessary and exercise heightened caution when asked to provide a Social Security number. Other practical steps to protect privacy during a job search include editing what information is publicly available. Many resumes include a physical address, phone number and email address on public professional profiles, which may be removed based on an applicant’s personal risk tolerance.

Throughout the job search process, be vigilant and avoid sharing more personal information than necessary. For further reading from our website on the topics discussed here, see the following insights and IP Bits & Pieces®: Why You Should Care About Privacy Policies, 23andMe Bankruptcy Raises Privacy Concerns Over Genetic Data, USPTO Home Address Rule, Landmark Lawsuit Challenges Amazon’s Data Collection Practices, and our Privacy FAQs.