Swindlers could be harvesting the personal information of jobseekers to commit fraud, a watchdog warned on Monday, after it found privacy breaches involving online job adverts.

The Office of the Privacy Commissioner for Personal Data (PCPD) said it carried out an investigation into JobsDB and eight organisations that used the platform to post "blind ads" – where the identity of those said to be recruiting isn't clear.

"All of the eight organisations that placed the aforesaid blind ads on JobsDB and requested job applicants to submit their personal data to unknown recruiting companies and JobsDB that published the same on its platform were involved in the unfair collection of the job applicants’ personal data, and this constituted contraventions of... the PDPO [Personal Data (Privacy) Ordinance]," the watchdog said.

It added that it has therefore served enforcement notices on JobsDB and three of the organisations, ordering them to take measures to remedy the contraventions and prevent them from happening again. The other five organisations have been sent advisory notices.

Hermina Ng, PCPD's senior legal counsel, said the eight organisations involved businesses in areas including financial securities, apparel retail, Chinese medicine and transport services. But she also warned that some online job adverts may not be legitimate.

"The privacy commissioner would also like to call upon other operators of online recruitment platforms to beware of anyone using blind ads to perpetrate fraud or collect personal data by unfair means and to carefully review recruitment advertisements to identify blind ads and avoid publishing the same in order to protect the personal data privacy of members of the public," she said.

"Blind ads may be used as an unscrupulous means to collect personal data and may be misused by swindlers to collect personal data for fraudulent activities. When jobseekers are unable to ascertain the employers’ identities, they should check and verify the information contained in the blind ads carefully and should not respond to the blind ads arbitrarily and submit their personal data."

Ng also urged employers to increase transparency when placing recruitment adverts, by disclosing their identity.

JobsDB said it has now required all companies to disclose their name and contact information in their advertisements "for the benefit of applicants".

The platform also said the posting of blind ads was suspended in November, and when it resumes from Thursday, employers will not be able to directly access an applicant's personal information without revealing their identity.

"The candidates' personal data that we collect – including their current role, industry, and the types of jobs they look for – is only used in connection with the services we provide, as disclosed in our privacy statement. We do not share personal data with third parties, other than as disclosed in our privacy statement or as permitted by law," it said in a statement.

JobsDB added it took steps to ensure job ads posted were genuine, including by manually verifying anyone placing recruitment adverts.
_____________________________
Last updated: 2024-12-09 HKT 21:44