Didn't your mother ever tell you to keep your secrets to yourself? There are
an awful lot of people out there who want a lot more information about you,
and they'll resort to some pretty interesting schemes to get it. The popular
Air Miles card, for example, is really an identifier used to track your purchases
at various retailers. The marketing people behind the retailers use the information
to gain insight into where you shop, what time of day you shop, what you buy,
and when you're most likely to be spending your money, like on payday.
In this business, it's hard to remain undercover for long. Almost everything
we spend is on credit, and with today's security requirements, and drug and
alcohol testing (U.S.), there's not much you can keep secret. There are ways,
however, to limit the flow of information about yourself, and there are plenty
of good reasons for doing so (see Identity Theft sidebar).
On-line driver recruiting has become a popular, efficient, and cost-effective
way for carriers to find drivers, and its popularity is increasing daily. For
a carrier, it's an easy way to gather information on potential employees, and
for the driver, it's an easy way to approach a carrier without appointments,
schedules, and obligations. When not done properly, however, the on-line recruiting
process can be risky indeed for the driver.
In researching this story, we visited over 100 carrier and agency websites
to view their on-line application process. We found tremendous variation in
the sophistication of the process, but little variation in the security of the
information.
Many websites presented the company's program and offered a telephone number
or an e-mail address to respond to. Others had simply taken a typical employment
application and converted it for presentation on a website. That format was
typical of smaller carriers trying to gain some on-line presence. Some larger
organizations with the budgets for a more sophisticated web presence had detailed
electronic applications.
On-Line Applications
An employment application for a cross-border driving job contains enough information
about you that it could easily be used by someone wanting to establish a convincing
background for a new identity.
Typically, drivers are asked to provide a 10-year work history (a U.S. DOT
requirement), a five-year residency history, educational background, physical
history - even names of family members and emergency contact information, a
complete accident and violation record, and more. Astonishingly, a high percentage
of the on-line applications also asked for driver's licence numbers and social
insurance numbers (SIN), and a few we came across even asked for names and phone
numbers of doctors, bank managers, etc. The horrifying part is that of the dozens
of on-line job applications we examined in preparing this story, not once
did we come across a site that offered a secure, tamper-resistant connection.
Not once!
Just about any entry-level hacker could intercept any and all of the information
that you're willing to submit on an electronic job application. And with that
kind of information flipping back and forth, don't kid yourself into thinking
that nobody will be watching a trucking website.
The other difficulty with on-line applications is that you have no idea who
is viewing the information or what they're doing with it.
Take the highwaySTAR on-line application for example: we deliberately ask for
a minimum of information - basically just contact information and a few
employment preferences - and when you press the send button, it is e-mailed to
our offices, and then forwarded to the carrier(s) you choose. But we could be
forwarding it to dozens of other e-mail boxes as well, quite without your knowledge.
We don't, most assuredly, but the question you should be asking before you press
the send button is this: is there anything on that application form that you
wouldn't be comfortable putting on a post card?
If you don't know where the application is going when you press the send button,
how confident can you be that it will be safeguarded when it gets there, wherever
'there' might be?
This is a screen shot of the actual consent form used by a company that
conducts driver reference checks as an agent for the carrier. It appears
at the bottom of their on-line driver application as of Nov. 20, 2003.
Once you've signed this document, you've authorized the company - in
this case not even a carrier - to conduct a background check on you at
any time, without further consent, and to revisit your file as often as
may be requested in the future, presumably for as long as you're a commercial
driver. This organization profits from the trading of your personal information
between carriers in a reference check format.
When you fill out an application, read the consent and release section
carefully. As of January 2004, the employer must disclose whether it plans
to pass your information along to a third party, who that party is, and
what information will be exchanged. But it doesn't stop there. Once an
agent has your information, and has made the investigations, the agent
may pay or offer some incentive to another carrier to provide additional
information about you, such as termination reports, which could then be
added to your personal profile. That takes the control of your personal
information out of your hands, but under The Privacy Act and the Personal
Information Protection and Electronic Documents Act (PIPED), you have
the right to prevent that from happening.
While it may cause some difficulty at the time of application, the only
way to limit the unauthorized use of your personal information is to refuse
to sign any release that doesn't limit the disclosure of information only
to that particular carrier.
If you've made an employment application in the past two years, there's
a good chance that your name is already in some agent's database. You
have the right to know what is in your file, and you should be asking
for a full disclosure of that information to ensure its accuracy. Under
PIPED, the holder of that information is required to correct any inaccurate
information, not simply to provide you an opportunity to refute an error.
You may or may not have been aware of all this, but it's troubling indeed
that a previous employer could sabotage your chances of landing another
job by providing such an agency with an unflattering termination report.
If you suspect that may be the case, contact the carrier's agent in writing
and demand full disclosure. If it's refused, you're entitled to file a
complaint with the Canadian Privacy Commission.
Consent & Guidelines
The PIPED Act provides protection against the use and misuse of personal information.
Since the beginning of 2003, it has applied to personal information about customers
or employees that's collected, used or disclosed by any federally regulated
business or organization, such as interprovincial trucking, in the course of
commercial activities. As of January 1, 2004, the Act will cover the collection,
use or disclosure of personal information in the course of any commercial activity,
including provincially regulated organizations.
The law requires organizations to obtain your consent when they collect, use,
or disclose your personal information, but it's up to you to be sure you understand
the terms and conditions of the consent. For example, the consent form in the
sidebar on page 29 grants that organization permission to conduct a credit
bureau check. Under only the rarest of circumstances should a company
employee be asked to consent to such an investigation. Yet, once an organization
has your consent, they're free to make use of it.
How's this for a clever way of getting your electronic consent to conduct background
checks and to distribute your information to the company's clients (copied and
pasted directly from the bottom of the first page of a multi-page on-line driver
application)?
DISCLAIMER
By clicking 'Next' for this Driver Profile, I certify that I have personally
completed this profile and that all of the information provided is true and
correct. I hereby request and authorize any potential employer that views this
Driver Profile to conduct an investigation of my background for employment purposes,
which may include, but is not limited to, any information relating to my character,
past work experience, education or any other information regarding my qualifications
as it pertains to my application for employment.
I have completed this form of my own free will and hold XYZ Company harmless
of all liability for making this Driver Profile available to employers that
access the driver profile database.
In order to complete the rest of the form, which goes on to ask for some privileged
information like driver's licence number, you have to click the 'Next' button,
which, in addition to giving you access to the next page, gives this company
carte blanche to investigate you, to open you up like a book. The company could
decide that you're not employable before they've even talked to you. That's
called pre-screening, and if all you're trying to do is move to the next page
(having not read the disclaimer), you're duped into giving your consent to a
pretty thorough background search.
But let's hold on a second. Should you avoid on-line application forms? No.
You just need to be careful with the information you're willing to pass along.
Don't give a driver's licence number until you're sitting down face-to-face,
or have at least had a conversation with the company. Don't give away your SIN
until you're about to sign on to the company. And as for all those blanks that
require some information before you can proceed to the next page? Just type
in a bunch of Xs and move on, except if the 'Next' button is permission to do
a background check. Sorry to say, but any organization that would disguise permission
for a background check as the button you need to move on through the
application might not be the kind of organization you want to work for. What
you really want to do is talk to the carrier about the job. The on-line application
is just a way of introducing yourself.
Your ability to control your personal information is key to your right to privacy.
PIPED gives you control over your personal information by requiring organizations
to obtain your consent to collect, use, or disclose information about you.
Under the Act, you have the right to:
know why an organization collects, uses or discloses your personal information.
expect an organization to collect, use or disclose your personal information
reasonably and appropriately, and not use the information for any purpose other
than that to which you have consented.
know who in the organization is responsible for protecting your personal
information.
expect an organization to protect your personal information by taking
appropriate security measures.
expect the personal information an organization holds about you to be
accurate, complete and up-to-date.
obtain access to your personal information and ask for corrections.
complain about how an organization handles your personal information.
The Upside
If there's an upside to all this, it's that Canada's privacy laws allow you access
to all the information various institutions or organizations may be keeping
about you. All you have to do is ask. That may require a formal request, and
perhaps a small fee, but in most cases the agency you're asking must respond
to the request within 30 days.
And this process can be made to work very much to your advantage. If you've
got a good record, whether it's driving, financial, or insurance claims, it's
to your advantage to show that to prospective employers. According to Tim Courtney,
national director of underwriting for Markel Insurance Company of Canada, formal
requests for release of information regarding personal driver files held by
that company would be complied with.
"Drivers who keep their records clean can use insurance records to their
advantage," Courtney says. "All you'd have to do is write to the company,
prove you are who you say you are and ask for your loss records. If we have
a file on you, we'll be prepared to accommodate your request."
Isn't that better than having god-knows-who making inquiries about your past
without your direct consent?
Sidebar - Identity Theft: What is It And What Can You Do About It?
Every year, thousands of people become victims of identity theft. While recent
developments in telecommunications and computer processing make it easier for
companies and consumers to reach each other, they can also scatter your personal
information more widely, making it easier for criminals to steal your identity.
Your name, date of birth, address, credit card, social insurance number (SIN),
and other personal identification numbers can be used to open credit card and
bank accounts, redirect mail, establish cellular phone service, rent vehicles,
and even secure employment. Or worse, terrorist organizations could use your
information to create identities for their members.
The Canadian Federal Trade Commission reports that roughly every 19 minutes,
a Canadian falls victim to identity theft. It's a $53 billion problem right
now in Canada, and it's growing exponentially. In 2001 there were 500,000 reported
cases of identity theft, jumping to 800,000 in 2002. And this year, it's expected
that over 1 million people will have experienced a security breach of some consequence.
And the damning thing is this: most of us literally give that information away.
Here's how to fight it:
Be careful about sharing personal information or allowing it to circulate
freely.
When you're asked to provide personal info, ask how it will be used,
why it's needed, who will be sharing it, and how it will be safeguarded, right
down to the store clerk who asks your name and address when buying a package
of batteries.
Give out no more than the minimum, and carry the least possible with
you.
Be particularly careful about your SIN; it's an important key to your
identity, especially in credit reports and computer databases.
Keep or destroy those electronic hotel 'door key' cards instead of handing
them back to the front desk when you leave. They contain a whack of personal
info, including your credit card number.
Don't transmit sensitive information over insecure internet connections.
Watch for bills and statements that arrive late, or stop arriving altogether.
Do an annual search of your own credit history, and always reconcile
your bank and credit card statements for inconsistencies.
Are you a victim of identity theft?
You may never know you've been 'cloned' until you apply for a credit card or
a loan, only to find you've been declined, even though you thought your credit
was good. Someone may have already ruined your credit, posing as you while running
up all sorts of debt that you may be responsible for paying back.
Report the crime to the police immediately. Ask for a copy of the police
report so that you can provide proof of the theft to the organizations that
you will have to contact later.
Cancel your credit cards and have new ones issued.
Have your credit report annotated to reflect the identity theft. Do a
follow-up check three months after to ensure that someone has not tried to use
your identity again.
Close your bank accounts and open new ones. Insist on password-only access.
Get new bank machine and telephone calling cards, with new passwords
or personal identification numbers. In the case of passport theft, advise the
Passport Office.
Contact Canada Post if you suspect that someone is diverting your mail.
Get a new driver's licence.
For more information on identity theft and other personal security issues,
visit the website of the Privacy Commissioner of Canada: www.privcom.gc.ca