Thursday, June 07, 2018
In May 2018 the HR company PageUp noticed a breach of the security of their massive database of recruitment information. Highly sensitive financial and identifying data from an unknown number of job applicants, such as tax file numbers, bank account details and driver's licence details, have possibly been stolen by unauthorized persons. Applicants for jobs with the Tasmanian Government, some Australian Government departments, the ABC, Australian Red Cross, University of Tasmania, UNSW, Macquarie University, University of Melbourne, ANU, RMIT, AGL, Target, Telstra, Reserve Bank of Australia, Medibank, Officeworks, Kmart, Commonwealth Bank, Jetstar, NAB, Aldi, Linfox, Coles, Australia Post, Lindt are potentially affected, as these companies and organisations are known to be clients of PageUp. This breach of confidentiality of individual people, many of them financially or otherwise vulnerable, is egregious and inexcusable.
This data breach should be no surprise to anyone, as data breaches have become regular news, often months after the actual occurrence of the breach, but this kind of criminal activity highlights a widespread and largely unacknowledged problem that I've been complaining about for a long time - HR departments failing to delete or purge online details of unsuccessful job applicants, ever, and often failing to delete such details or recruitment database accounts even after the individuals explicitly request deletion from these systems. In effect, many Australian HR departments are keeping a lot of highly sensitive and potentially dated and incorrect information about people who have no connection with their organisations indefinitely, either by neglect or by design. This is bullshit and it must stop!
I believe that for some, maybe all, government departments or bodies there is legislation that requires them to retain job application details for a year, but there are also various Australian laws and regulations that stipulate that Australians have a right to privacy. Sadly, these laws and regulations appear to be rarely invoked or acted upon. This is why we need to have one day a year when people like you and me, all over the world, not only in Australia, need to act to take back our privacy, and demand that HR departments delete any details or accounts of ours that are no longer legitimately theirs to retain.
So on Monday make the time to go online and see how many inactive online job-seeker accounts of yours or unwanted online accounts you are still able to log in to. You might get an unpleasant surprise. Flag them for deletion online if possible, or contact someone to ask for deletion. And a few months later recheck to see how many of your requests were ignored...