Resume Database Nightmare: Recommendations to Job Seekers

Report home | Previous section | Next section


In any job search, it is undeniably important to circulate a resume. However, job seekers need to carefully minimize privacy issues related to resumes while still maintaining appropriate exposure to employers.

It is important for all job seekers to understand that resume databases vary widely in privacy practices and controls. Learning to choose a quality job search site and resume database with good privacy practices has become an important part of your job search if you plan to use the Internet as a job search tool.

Another key skill is to discriminate between valid job search related email and unhelpful  solicitations for your resume.

Remember, in the information economy, your resume has a “street value.” It is important to protect your resume from people and businesses who want to use it primarily to make a profit instead of primarily to help you find employment.

General Tips:

  • After you post, your resume is out of your control. Even the most careful, conscientious sites cannot control your resume after an employer or a recruiter has downloaded it.  Job sites do not have the ability to track or physically control how a recruiter or employer uses your resume after it is downloaded. Most sites watch for problems – such as rapid resume downloads  — and enforce terms of use agreements with employers and recruiters. But let the job seeker beware. When it comes to resume databases, some responsibility does fall to the job seeker to understand the risks involved in posting a resume in a database.
  • The more general the email “job” offer, the less valid it usually is . In the emails to job seekers, what stands out the most is that the emails asked jobseekers to send a resume to a new email address or to “update” their resumes. No specific, credible job was offered at one specific, verifiable company. Vague wording like  “We have thousands of jobs” or “We work with major companies” is a red flag. Requests to send in a new copy of your resume can spell trouble, too. Avoid vaguely worded offers, and avoid sending your resume to general email resume solicitations after you have posted your resume online.
  • Keep good records . Be sure to keep a record of where you have posted your resume. Remember to go back and delete your resume from the sites where you have posted it after you have finished your job search.
  • Be cautious about resume writing service agreements. If you plan on using a resume writing service in your job search efforts, get an agreement in writing that the service will not sell or share your resume with any third parties or partners . Also, ask to see the privacy policy of any resume writing services you may use and ask specifically about how the service handles and stores your resume. This applies to traditional and online resume writing services.
  • Use a disposable email address. If you decide to post your resume to a site that does not allow you to mask your identity, then mask it yourself. Use an email address that you can cancel if you start getting spam, and don’t give out your full name, phone number, or home address.
  • Never put a Social Security Number on your resume. You can provide it when you are invited for an interview or when the employer obtains your permission to conduct a background check. Widespread access to your SSN puts you at risk for identity theft. The only exception to this is when you are applying to Federal or State jobs, which typically require an SSN up front.
  • Omit references on your resume . When you post a resume online with your references’ names and phone numbers on it, you are giving their information away without their consent in what can be a very public forum.
  • Not every job offer you see is a real job. Some jobs are just scams. After you post your resume, you may hear from a person offering you a job that is a scam. Fake job scams have become a very serious problem in online job searching, as detailed in the World Privacy Forum “Job Fraud” report. There are usually some clear tip-offs that a job may be a scam. For example:
    • Does the job ask you to scan your ID or drivers’ license and send it in? 
    • Does the job ask you to transfer money as part of your duties? 
    • Does the job description mention e-Bay, Pay Pal, or Western Union? 

If any of the above are true, please understand that you may be looking at a fraudulent job. See the WPF detailed consumer tips on avoiding job fraud < > for more information about job scams and how to avoid them.

Resume posting options for job seekers

Job seekers have several options to choose from in circulating a resume.

  • One option is to reply to job ads directly without going through a third party. Look for a company-related email address to send your resume to.
  • Another option is to post a resume directly on the Web site of the company you wish to work for.
  • Working with one carefully selected “headhunter” or recruiter is also an option.
  • Some resume databases let you mask your contact information or email address when you post a resume. This resume posting option allows you to control who contacts you or not. If you are going to post a resume online, this should be the only way you post it.
  • Before posting a resume to any database, take the time to look for and read the privacy policy of that site and query the site owner with any privacy concerns . Be sure to look for specific privacy policy statements about resumes, registration information, and statements about how that information is used, stored, and shared. If the site does not have a privacy policy posted, that should signal that you should be especially cautious about posting a resume there, if at all.
  • Pay particular attention to how long a site says it will keep or store your resume . Preferably, job and resume sites should state that they promise to keep your resume for a limited, specific amount of time, such as one to six months, after which the site will delete your resume. Without specific, written statements about how long your resume may be kept, your resume can be archived for years, legally . Most job seekers do not want resumes circulating after they have gotten a job.
  • Before you post a resume, check to make sure you can delete your resume after you have posted it . Look in the job site’s privacy policy for resume deletion instructions. If you don’t find any such instructions on the site, write an email to the site and ask how or if you can delete your resume. If you are not satisfied with the reply, do not post your resume to that site. You must be able to delete your resume when you want to. After all, it belongs to you.
  • If you post a resume to a resume database and receive unsolicited email other than from legitimate employers or recruiters, be sure to notify the site where you have your resume posted and tell them you have received the email. Be sure to forward the entire email you received to the site so that it can take action. Again, the more vague the email, the less legitimate it is likely to be.
  • Post your resume sparingly. It is tempting to go to every job site you can find and post your resume. Focus on quality, not quantity. If you believe you must post your resume online, hand-pick just a handful of sites that have good privacy policies and a good track record. Choose sites that other people working in your profession have had good luck with, and post only to sites that allow you to mask your contact information.
  • Your resume belongs to you. According to current copyright law, you own your resume and the copyright on it. If you don’t like how your resume is being handled, you have the right to complain and take action.

Help for Job Seekers

If you believe your resume or personal job search data, including your email address or your name, has been shared or used in a way inconsistent with a job site’s posted privacy policy, you have recourse [34] through the Federal Trade Commission (FTC.)

You may file a consumer complaint with the FTC by calling (1-877-FTC-HELP ) or by using the FTC’s online filing system, located at . Click on “File a Complaint Online.”

If you have identity theft problems resulting from your resume posting, visit the Web sites of the Privacy Rights Clearinghouse and the Identity Theft Resource Center for facts and helpful information. The PRC provides other fact sheets relating to SSNs, workplace privacy, and financial privacy, located at .

You may additionally contact for further information or help as of February 24, 2003. New consumer information will be posted at the site, including a consumer guide to online job site privacy, throughout 2003 and beyond.  Email: .

This report, “Resume Database Nightmare: Job Seeker Privacy at Risk,” is available on the Privacy Rights Clearinghouse Web site at  and at

Pam Dixon gratefully acknowledges Rose Foundation Consumer Privacy Rights Fund, whose financial support made this research possible .





[34] .a.The FTC policy is that posted privacy policies on Web sites should reflect actual data practices. If the policies do not match the data practices, there may be potential legal consequences. The FTC Act allows enforcement. General description of the Act: ” Under this Act, the Commission is empowered, among other things, to (a) prevent unfair methods of competition, and unfair or deceptive acts or practices in or affecting commerce; (b) seek monetary redress and other relief for conduct injurious to consumers; (c) prescribe trade regulation rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices; (d) conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and (e) make reports and legislative recommendations to Congress.”

b. Also: An important policy statement from the FTC regarding this issue can be found in FTC Chairman Timothy Muris’ remarks of 2001 in his speech, Protecting Consumers’ Privacy: 2002 and Beyond ; Remarks of FTC Chairman Timothy J. Muris at The Privacy 2001 Conference Cleveland, Ohio, October 4, 2001. Here, quoting from the section of his speech, “Enforcing Privacy Policies” : ” We will also enforce privacy promises. One of the agency’s successes has been encouraging Internet sites to post privacy notices. In 1998, only 2 percent of all sites had some form of privacy notices.(24) By 2000, virtually all of the most popular sites had privacy notices.(25) ……… Having encouraged commercial Web sites to post these notices, the FTC needs to ensure compliance. Privacy promises made offline should be held to the same standard. The FTC has brought several cases challenging violations of promises made in online privacy policies such as the disclosure of information to third parties and the collection of personally identifiable information from children.(26) We will expand our review of privacy policies and make it more systematic. We will seed lists with names to ensure that restrictions on disclosures to third parties are honored. We will also work with seal programs and others to get referrals of possible privacy violations. Finally, as I will discuss shortly, we will improve our own complaint handling system to target cases more effectively.”

c. Also, see : FTC v., No. 00-11341-RGS ,D. Mass. filed July 10, 2000, alleging that Toysmart misrepresented that personal information collected from consumers on company Web site would never be shared with third parties. FTC v complaint .



Roadmap:  Resume Database Nightmare – Job Seeker Privacy at Risk: V. Recommendations to Job Seekers


Report home | Previous section | Next section