When applying for a healthcare job, I expect that acceptable data for a potential employer to collect would include such things as prior employment history, educational history, email address, etc. And I certainly believe in many healthcare jobs, background checks are also warranted.
But, here is some of the information one large healthcare organization informs you it may decide to also collect when applying for a job—which, among other things—may be “useful for us to conduct our business, so long as such use is permitted by law”:
- internet protocol (IP) address
- voice prints
- palm prints
- fingerprints
- search history
- browsing history
- face scans
- iris scans
- information regarding a consumer’s interaction with an internet website, application, or advertisement
- insurance policy number
- personal property
- medical information or health insurance information
- Internet Activity Information
- Geolocation data including audio, electronic, visual, thermal, olfactory information
- Inferences drawn from collection of other personal information used to create profile about you reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
There are several things that concern me about such a broad list.
First, there is no timeline given. Does the application process allow a future employer access to all this data indefinitely?
Second, the inclusion of “olfactory information.” implies to me that the employer is trying to cover the acquisition of any current or future data which they can associate with you, including data for technologies that yet likely don’t exist.
Third, the comment about “Inferences drawn from a collection of other personal information“suggests they feel comfortable combining any data which you provide with any other data they have on you in order to create a psychological profile on you.
Fourth, and perhaps most importantly, the implication that this employer feels that the act of applying gives them the right to any piece of data about any conceivable aspect of an applicant’s life, to do whatever they want unless explicitly not permitted by law.
Anyway, I sense that the real reason healthcare corporations love to talk about what they do with HIPAA and DEI is because they don’t want to talk about data grabs like this.