You Should Read LinkedIn's New Privacy Policy Carefully

Uploaded on 2017-05-05 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

He who pays plays. That seems to be the underlying thought behind LinkedIn’s new privacy policy and user agreement, both of which were updated last month.

And it’s an important thought to remember before you use your employer-paid-for LinkedIn account to investigate and/or apply for jobs with your company’s competitors. (Note: The changes aren’t slated to go into effect until June 7.)

“You own your LinkedIn personal account, but we clarified that when others (such as your employer) purchase premium features for you to use, in addition to having the right to stop your access to those premium features, your employer also gets access to reports on your usage of those premium features,” LinkedIn said.

“If the services were purchased by another party for you to use (e.g. Recruiter seat bought by your employer), the party paying for such service has the right to control access to and get reports on your use of such paid service.”
Later on, the privacy policy appears to exclude job hunting from the data shared with an employer. “We understand that certain activities such as job hunting and personal messages are sensitive and so we do not share those with your employer unless you choose to share it with them through our Services (for example, by applying for a new position in the same company or mention your job hunting in a message to a co-worker through our Services).”

That means that users need to be extra careful before clicking on the standard agreements, to make sure that they’re not reflexively agreeing to share job-hunting details with their current paycheck-generator.

Another thing to consider, which wasn’t addressed in LinkedIn’s new documents, is whether you are sharing information that might violate your employer’s default confidentiality agreement.

When you sign a confidentiality agreement, there is rarely an exception for LinkedIn bragging. For that matter, there’s also not an exception for such detailed bragging in a job interview, but at least most job interviews aren’t transcribed and then posted for search engine spiders. Just a thought.

Back to the LinkedIn changes. Most of the changes were standard fare, but a few were worth noting. This passage from the user agreement summary, for example, might be awarded Best Hypocritical Oath: “We added that our restriction against creating a false identity on our Services is not waived just because LinkedIn may rarely allow a clearly fictional profiles in connection with a promotional campaign that it has approved.”

This next policy is understandable, but the phrasing still has that “take your ball and go home” quality: “If you object to any changes, you may close your account.” How nice of LinkedIn to give its customers permission to leave.

But if you do choose to leave, do you think your data will be wiped? Think again. “We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to unsubscribe from further messages from us.”

Given the catch-all “enforce our user agreement,” it’s probably not safe to assume that anything will ever be deleted. Just adhere to the primary social media law and you’re fine: If it’s embarrassing in any way, assume it’s permanent.

Then there is the reminder of all of the ways LinkedIn will track you forever more.

“If you opt to import your address book, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list). If you sync your email or calendars with our Services, we will collect your email header and calendar meeting information (e.g. times, places, attendees and contacts). We receive personal data about you when you use the services of our customers and partners, such as prospective employers and applicant tracking systems providing us job application data,” the new privacy policy said.

“We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., learning video) or ads (on or off our sites and apps), perform a search, install one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use. We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) is on, off and across different Services and devices.

“When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location.”

To be fair, this is not even close to the worst privacy policy. But given how much data many IT people pour into LinkedIn, and, yes, LinkedIn messaging absolutely counts, it’s definitely worth a sober read.

Computerworld

You Might Alos Read: 

Russia To Block LinkedIn:

Social Media & The New Advertising Model (£):

EU / US Privacy Shield Affects Your Organisation:

 

 

« How A Cyber Attack Transformed Estonia
Police Take To The Air With Connectivity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Exodus Intelligence

Exodus Intelligence

Exodus Intelligence are an industry leading provider of exclusive zero-day vulnerability intelligence, exploits, defensive guidance, and vulnerability research trends.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

National Cybersecurity Society (NCSS) - USA

National Cybersecurity Society (NCSS) - USA

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

Adzuna

Adzuna

Adzuna is a search engine for job ads used by over 10 million visitors per month that aims to list every job everywhere, including thousands of vacancies in Cybersecurity.

SAP National Security Services (NS2)

SAP National Security Services (NS2)

SAP NS2 are dedicated to delivering the best of SAP innovation, from cloud to predictive analytics; machine learning to data fusion.

TOTM Technologies

TOTM Technologies

TOTM Technologies provides end-to-end identity management and biometrics products, powering Digital identity and Digital onboarding solutions.

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

DataProof Communications

DataProof Communications

DataProof Communications is Cybersecurity Company specialising in cybersecurity operations, incident management and response best practices and technologies.

Benchmark Executive Search

Benchmark Executive Search

Benchmark specializes in finding elite talent for startup, emerging-growth and mid-cap companies offering game-changing technologies or innovative services to the federal and commercial markets.

Xiphera

Xiphera

Xiphera designs and implements proven cryptographic security for embedded systems.

Crisis24

Crisis24

Crisis24 is a leading integrated risk management, crisis response, consulting, and global protective solutions firm.