You Should Read LinkedIn's New Privacy Policy Carefully

He who pays plays. That seems to be the underlying thought behind LinkedIn’s new privacy policy and user agreement, both of which were updated last month.

And it’s an important thought to remember before you use your employer-paid-for LinkedIn account to investigate and/or apply for jobs with your company’s competitors. (Note: The changes aren’t slated to go into effect until June 7.)

“You own your LinkedIn personal account, but we clarified that when others (such as your employer) purchase premium features for you to use, in addition to having the right to stop your access to those premium features, your employer also gets access to reports on your usage of those premium features,” LinkedIn said.

“If the services were purchased by another party for you to use (e.g. Recruiter seat bought by your employer), the party paying for such service has the right to control access to and get reports on your use of such paid service.”
Later on, the privacy policy appears to exclude job hunting from the data shared with an employer. “We understand that certain activities such as job hunting and personal messages are sensitive and so we do not share those with your employer unless you choose to share it with them through our Services (for example, by applying for a new position in the same company or mention your job hunting in a message to a co-worker through our Services).”

That means that users need to be extra careful before clicking on the standard agreements, to make sure that they’re not reflexively agreeing to share job-hunting details with their current paycheck-generator.

Another thing to consider, which wasn’t addressed in LinkedIn’s new documents, is whether you are sharing information that might violate your employer’s default confidentiality agreement.

When you sign a confidentiality agreement, there is rarely an exception for LinkedIn bragging. For that matter, there’s also not an exception for such detailed bragging in a job interview, but at least most job interviews aren’t transcribed and then posted for search engine spiders. Just a thought.

Back to the LinkedIn changes. Most of the changes were standard fare, but a few were worth noting. This passage from the user agreement summary, for example, might be awarded Best Hypocritical Oath: “We added that our restriction against creating a false identity on our Services is not waived just because LinkedIn may rarely allow a clearly fictional profiles in connection with a promotional campaign that it has approved.”

This next policy is understandable, but the phrasing still has that “take your ball and go home” quality: “If you object to any changes, you may close your account.” How nice of LinkedIn to give its customers permission to leave.

But if you do choose to leave, do you think your data will be wiped? Think again. “We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to unsubscribe from further messages from us.”

Given the catch-all “enforce our user agreement,” it’s probably not safe to assume that anything will ever be deleted. Just adhere to the primary social media law and you’re fine: If it’s embarrassing in any way, assume it’s permanent.

Then there is the reminder of all of the ways LinkedIn will track you forever more.

“If you opt to import your address book, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list). If you sync your email or calendars with our Services, we will collect your email header and calendar meeting information (e.g. times, places, attendees and contacts). We receive personal data about you when you use the services of our customers and partners, such as prospective employers and applicant tracking systems providing us job application data,” the new privacy policy said.

“We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use. We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) is on, off and across different Services and devices.

“When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location.”

To be fair, this is not even close to the worst privacy policy. But given how much data many IT people pour into LinkedIn, and, yes, LinkedIn messaging absolutely counts, it’s definitely worth a sober read.

Computerworld

You Might Alos Read: 

Russia To Block LinkedIn:

Social Media & The New Advertising Model (£):

EU / US Privacy Shield Affects Your Organisation:

 

 

« How A Cyber Attack Transformed Estonia
Police Take To The Air With Connectivity »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

Red Balloon Security (RBS)

Red Balloon Security (RBS)

Red Balloon Security is a leading embedded device security company, delivering deep host-based defense for all devices.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija (Slovenia Accreditation) is the national standards accreditation body for Slovenia.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

Ultra Intelligence & Communications (Ultra I&C)

Ultra Intelligence & Communications (Ultra I&C)

Ultra Intelligence & Communications provides critical, tactical capabilities that inform decision making in the most challenging environments.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce has partnered with Purdue University and Carnegie Mellon University to create the Rolls-Royce Cybersecurity Technology Research Network.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

Galvanick

Galvanick

Galvanick enables your operations and IT teams to protect your industrial systems and networks against digital threats.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.