Q&A: What are the privacy implications of airline loyalty programs?
If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter.
Besides being referred to as the second year of the COVID-19 pandemic, 2021 might also go down in history as the year of the “Great Resignation.”
But while the term, describing the recent mass exodus of employees from the workforce, has followed us into 2022 (with many people agreeing that it should be added to dictionaries), business leaders are arguing that what we are seeing right now in the labor market would be better described as the “Great Reshuffle.”
Generally speaking, people are not quitting their jobs for the sake of quitting. Rather, they want to find a job that they actually like. Unfortunately, as people get in touch with recruiters and companies looking to fill new roles, the personal data that appears about them online may be one reason they never hear back.
The “Great Resignation” → The “Great Reshuffle”
Millions of people left their jobs in 2021. In the US alone: More than 38 million people quit their jobs last year, some of them twice. Mid-tenured employees were just as likely, if not more, to resign than less tenured groups — a “unique” and “destructive event,” according to some observers. Quitting rates for employees aged 30 to 50 increased by 38%, proving that it’s not just young professionals (who are known for job-hopping anyway) that are ending their employment contracts prematurely.
Why are people suddenly resigning? While there are many reasons, including COVID-19 burnout and childcare constraints, the main one is that COVID-19 has made people rethink their careers and work-life balance.
To quote Microsoft’s CEO, Satya Nadella, “Not only are people talking about when, where, and how they work, but also why they work. They really want to recontract, in some sense, the real meaning of work and sort of asking themselves the question of which company do they want to work for and what job function or profession they want to pursue.”
The Best Time to Find a New Job?
Might be now. According to Monster’s Future of Work Report, 93% of employers are gearing up to hire staff in 2022, an almost 10% increase from last year.
What’s more, to make themselves more attractive to potential candidates, many companies are looking to increase role flexibility, offer more benefits and perks, provide skills training, and increase salary and wages.
But there’s a major problem.
Although everybody appears to be hiring, no one is actually getting hired. Unsurprisingly, job seeker confidence is pretty low, especially among those actively searching.
From networking to highlighting transferable skills, there is no shortage of online guides with tips to help you land your dream job. However, most of these guides miss one important point: if the search results for your name give an employer or recruiter pause, it won’t matter how well qualified you are for a role. Your chances of hearing back will be significantly lower.
Your Future Employer Knows A Lot More About You Than You May Think
It’s not just the information you share on your resume or during an interview that determines whether you get hired or not.
Employers are increasingly doing detailed online research on job candidates to decide if they’d be a good fit for a role — and the organization. In fact, googling potential employees is pretty standard practice (although a legally ambiguous one).
Many employers examine not only the search results that come up but also candidates’ social media profiles, auction sites like eBay, and even virtual worlds.
Over 70% of employers have chosen not to hire a candidate based on what they found about them online.
“Explore Beyond the Resume”
Not all employers spend hours googling a potential candidate. Instead, many buy prospective employees’ profiles from data brokers. A notorious FTC investigation some years ago highlights just how widespread this practice likely is.
What happened? The people search website Spokeo was fined for marketing people’s personal information that it found on social media and other online and offline sources to recruiters and employers. Through online ads with taglines crafted specifically to entice employers and a special section on the Spokeo website dedicated to recruiters, the company urged individuals in charge of the hiring process to “explore beyond the resume.” While other data brokers no doubt also provide people’s profiles to employers, the fact that they don’t advertise their services directly to recruiters makes charging them much more difficult. And even though technically, employers who buy profiles from data brokers are supposed to comply with the Fair Credit Reporting Act, not all of them do.
How to Clean Up Your Online History
Google your name: Remember to use the Incognito tab or log out of your Gmail account (if you have one) before you do this to avoid getting customized results. If your name is fairly common, add your city/state/industry to your search query, as that’s what an employer is likely to do. Make your social media profiles private. Not only will this ensure that a recruiter won’t see anything that may be misconstrued as inappropriate, but data brokers will also be unable to scrape your social media data. However, other people’s public posts about you will still be easily findable, so you may want to ask your friends and family to take down any posts that mention you or untag you from any content that may be unflattering. Think twice before you say anything online. You might not even remember leaving a bad review of your previous place of employment or calling someone an idiot on a forum thread, but remember: anything you post online will live on the internet forever. Even if you remove your old reviews or comments, it’s likely that data brokers have already scraped them. Don’t go completely AWOL. For many recruiters, no online presence at all can be a red flag in and of itself unless they’re in an industry that values privacy, like cybersecurity. In this case, it may be worth purchasing a URL with your name, which you keep updated with your professional information, or maintaining one public social media profile (like LinkedIn).
Our recent favorites to keep you up to date in today’s digital privacy landscape.
A Bug In Safari 15 Leaks iPhone, iPad, and Mac Users’ Browser Activity
Researchers discovered a bug in Safari 15 that exposes iPhone, iPad, and Mac users’ recent browsing activity, plus some of the personal data attached to people’s Google accounts, in real-time. Although researchers reported the bug to Apple in November, the company only patched the bug in January, with updates now available to the general public.
IRS to Introduce Facial Recognition for Digital Services This Summer
From this summer onward, taxpayers will no longer be able to log into their online IRS account using their email and password. Instead, they will need to create an account with ID.me, a third-party facial recognition company, and upload a video selfie. While taxpayers will still be able to file and pay their taxes without submitting a selfie, the IRS hopes that this will help prevent fraud and protect users’ privacy.
Cybercriminals Stealing Financial Information Through QR Codes
The FBI issued a statement warning Americans that cybercriminals are using fake QR codes to bring people to fraudulent sites and steal their data or hijack payments. In one example, criminals had left malicious QR code stickers at a number of parking stations in Austin, Texas. The bureau advises users to check the site URL when they scan a QR code to make sure it’s legitimate and avoid using QR codes for making payments.
Hackers Using Google Docs Comments to Share Malicious Links
Cybercriminals are taking advantage of the comments feature in Google Docs, Google Sheets, and Google Slides to send malicious links to unsuspecting victims (in particular Outlook users). Since emails with fraudulent links come from Google, they bypass email filtering solutions. And, because they don’t display the attacker’s email address (just their name), attackers can pretend to be someone that the victim knows.
You Asked, We Answered
Here is a question one of our readers asked us last month.
Q: I have received advertisements from airline loyalty dining programs, which require you to input your credit card information and then monitor your credit cards for transactions that receive reward miles (e.g., restaurant visits). However, I started wondering whether, by submitting credit card information, I would be giving up a lot more privacy than the programs suggest. Perhaps they may be collecting comprehensive information on my spending patterns and selling that to data brokers? I checked the privacy policies of a few such programs and found that they really don’t say anything meaningful. Is this something you might be able to shed some light on?
A: What a great question — and an understandable concern.
All loyalty programs, be they airline frequent-flyer miles programs, drug-store/supermarket discount cards, or loyalty programs offered by retailers in exchange for using their private-label credit cards, collect consumer data. In fact, long before the internet existed, programs like these were the most powerful method of data collection for retail businesses.
In exchange for discounts, these programs are designed to both improve customer retention rates and allow the companies behind them to farm data on transactions and product choices. This data can then be benchmarked against users’ personal demographic details.
In the modern digital era, loyalty programs have become less necessary for data gathering since so much data can be easily collected by tracking internet/mobile device behavior. That being said, these programs do still allow companies to collect data on their own customers without any third-party intermediaries (like Facebook, card-processors, or adtech firms) that either charge fees or have terms on how the data is to be used/resold.
Increasingly, all consumer-facing companies are competing in the “customer data” space. Even if they already have sufficient detail on their own customers for their own sales and marketing purposes, companies often look for ways to expand their range of data collection processes. They do this in order to build unique data sets that they can share/sell to other third parties themselves (like financial services firms they partner with).
Loyalty programs also increase the risk of privacy damage done in the event of data breaches. Indeed, cyberattacks aimed at stealing information from loyalty programs are not at all uncommon. In the last five years, we have also seen criminals targeting loyalty programs not only for consumer data but the actual “benefits/rewards points,” which can often be exchanged for cash value in online transactions or sold to other people engaged in large scale fraud.
So, to sum it up, all loyalty programs track you, which may have a negative impact on your privacy.
Back to You
We’d love to hear your thoughts about all things data privacy.
Get in touch with us. We love getting emails from our readers (or tweet us @Abine or @DeleteMe).
Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.
Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito?
That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.
Don’t have the time?
DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.
Save 20% on DeleteMe when you use the code DIYPRIVACY.