[SGVLUG] "secret" data sold...

[Emerson, Tom (*IC)]

> -----Original Message----- Of matti
> 
> -- and on other news --
> 
> Firm 'sold workers' secret data' 
> http://news.bbc.co.uk/2/hi/uk_news/7927487.stm

I suspect this has been a little over-sensationalized, however the
company selling the data might have a way out of their troubles -- if
they drop anything that can be conclusively be proved as "secret" data
and/or can show documented PUBLICLY available sources for their data,
then I can see them continuing as they have been (though they might have
to apply for a "private investigators" license, which in turn might
enable them to research "some" of the less-public information, and
before you know it they are back to where they were before...)

We have this concept here -- it's known as a "background check".  I'm
not sure if the "investigator" involved in such checks can (or should)
make any "recommendation" about the people they investigate.
Ultimately, however, it is up the the company doing the hiring to make a
decision based on the results, and this is where it gets into a grey
area -- if you get turned down because of information brought to light
by such a check, your only recourse is to ask "is this policy uniformly
enforced?" - and even all that may get you is the satisfaction of
knowing that the HR director simply doesn't like you personally.

In the article itself, it mentioned that one person won a case for
"unfair dismissal" (and the appeal as well) and now finds nobody will
hire him.  Unfortunately, for him, the court records would be public
information (I presume, but it is the UK...)  Ask yourself: as an
employer, would YOU hire this guy KNOWING he has raised a stink in the
past regarding employment?  Next, presume you didn't know this fact but
hired a company to do a "background check" and this lawsuit came up as
part of that investigation - would the fact that the investigative firm
turned up this tidbit affect your decision?

OTOH, for the "next candidate", the PI firm finds out the prospect had
used the prior company's internal e-mail to gripe about his manager.
This "e-mail" did not travel "outside" the company (i.e., never "over
the internet" -- all on private circuits)  How the PI firm determined
the existence of such an e-mail, damning though it may be, would point
to questionable practices by the investigator.  (almost -- checking in
with past employers, even if not cited as a "reference", should be
standard practice of both HR managers and investigators - whether or not
the prior manager knew of and/or offered this information could be the
basis of a lawsuit, but then, that bridge was already burnt...)

Now, for the big "IF"...

What if, instead of the company's private e-mail, the prospect had sent
a "facebook" message to his best buddy?  Still, more-or-less "private",
but it WAS sent "over the internet", which is inherently insecure.
Furthermore, there is no guarantee that his "buddy" will keep that
information confidential - unintentionally forwarding it (or worse,
posting it as a "feed" item, as facebook calls them...) would make this
public...

Of course, the moral is be careful of what you say, to whom you say
things, and how they are said, because anything negative might come back
to haunt you.

As someone's tagline around here says:

"e-mail is not a secure channel"

[which includes this list ;) ]