Article main image
Feb 7, 2018
This article is part of a series called Editor's Pick.

DISCLAIMER: All information in this article serves as examples only; the author of this article wishes to point out topics connected with data privacy and moral dilemma that most sourcers face every day. The opinions expressed here are my own and do not represent those of my employer. If you use any of this information obtained through these strings, YOU are responsible for compliance with applicable local laws. The information provided is not any form of advice. Decisions based on this information are made on your own account and at your own risk.


It is not a secret that talent is hard to find these days. Recruiters and sources are constantly pushed by their managers, hiring managers and KPIs to deliver quick results. There is a constant level of stress that will push some of them to do things they were not willing to do a few months ago. The constant pressure is still there.

So, having all this in mind, there is the question of how far you are willing to go when it comes to finding the right candidates or checking their backgrounds. In an era when information abounds, and it is not complicated to find a lot of details about a particular person, there is a thin line between finding the data that interests you and violating someone’s privacy.


Candidates’ Data

How can you find more information about a potential candidate? The answer to this question is very simple. You always have social media and the profiles people create on such platforms, acting like timelines of their lives everybody can see. But are you willing to take the risk of snooping around, looking through someone’s private information? While it may be useful, to a certain degree, to know details about someone’s hobbies and interests, this can represent a problem if a candidate you refused feels as though they’re being discriminated against and files a lawsuit in this matter.

It may help you to know that a high number of companies have strict rules when it comes to looking at someone’s private profile on social media, precisely because of the previously mentioned reasons. Still, it is not uncommon for companies to check their potential employees or team members extremely carefully and by any means possible. But, if that person doesn’t own a professional profile on platforms like LinkedIn, it is a risky task to gather information by using social media.

Leaving aside social media, some employers like to check a candidate’s background by calling the companies where they used to work. But instead of talking to the manager, some employers prefer talking to their peers. They believe that this way they will have more insight into the real performance, work ethic, and behavior of a particular person, instead of focusing on the statistics and plain information provided by a manager.

We all have tons of tools that we use for our work, and the best part about technology is that we all have access to a wide variety of information. Modern ATS systems or some sourcing tools will reveal candidates’ accounts on other social sites just with one click. Recruiters can check Facebook, Twitter, Instagram and other accounts of their candidates directly from their ATS. They don’t have to spend time searching for them. And if you have everything served on a silver platter, the only thing you need to do is just click and visit these other accounts.

And the worst part is that most people don’t know what to do to protect their private information on these social networks. So, without too much effort, you can find unexpected information about many people. But is what a person does in their free time relevant to the job? If yes, is it worth violating someone’s personal space? And, last but not least, how will your decision-making process be affected if you find out some details you didn’t expect?

It’s important to keep in mind that if you snoop around profiles of your candidates for other companies and recruiters, you are their possible candidate. And they are snooping around your profile as you do for your candidates.


How Far Are You Willing to Go?

We all have some boundaries that we are not planning to cross. For some sourcers, the “no-go zone” is Facebook because they consider Facebook to be a private space and they are not reaching people through that site. For others, the boundaries have different limits; they don’t have a problem using tools like when they are trying to find information about candidates and some sourcers/recruiters don’t have any limits if they get the results or money from it.

The question that you should ask when you are sourcing for candidates on Google or somewhere else is, “How far I am willing to go?”

The best way to answer it is through examples.

1) Resumes and contact details

I think this one is a no-brainer; we all are doing that all the time. It’s part of our job to try to find any contact detail that we can use to contact our candidates.

2) List of users, attendees

Finding the list of attendees of various events is also part of the daily job of every recruiter and sourcer. A simple string will find what you want very easily.

filetype:xls (“Key Account Manager”) (contacts OR participants OR directory OR attendees) (name OR phone OR email OR e-mail)

3) Data from competitors and agencies

Not every company can prevent leaks, some of them are caused by hackers, but most are caused by internal employees. When you are searching for new candidates, your string will often find candidates or internal documentation stored on cloud storages that are accessible through Google.

So every time you source, are testing new ways how to source or trying to develop new methods, you will discover some of these files from agencies or competitors.

The question is: Are you going to use them, or you will inform that company/agency that their internal data is accessible on the internet?

4) Access other accounts

Google and other engines are storing so much information that could be easily misused by attackers. Tools like Gooscan, Goolag, etc. help hackers to gain access to that type of information. Sourcers are not using these types of automatization tools, but they are using Boolean search strings, and some strings are quite powerful yet still quite simple.

A simple string could find you access to various services.

filetype:xls username password email

Or exported email accounts.

filetype:pst exported email addresses

If you find this data are you going to use it? And what if somebody gives you 100+ examples of these strings, are you going to try them and use the info?

5) Use the data from the data breaches

Every year hackers leak millions of users’ information from databases—their email address, personal information, etc. During a LinkedIn data breach, around 117 million emails and passwords were leaked. These types of databases could be an interesting source of data about potential candidates, and they are not hidden only on the Dark Web. Some sites are offering anybody the chance to download them or buy them.

But if you acquire this leaked database information, are you going to use it or not? And what if it’s not legal?

6) Backdoors, Bugs

All systems and programs have bugs, we read about them every month, and ATSs are also not immune to these flaws. They also have bugs and errors, and some of these bugs are more critical than others.

What if somebody tells you (or you find out about it during sourcing) that one specific ATS has a critical flaw that could give you access to all of their candidates that are stored there? You can get access to the millions of candidates across the globe that are stored there.

Are you going to access it? Is it worth the risk? Even if this could get you into jail if somebody found out about it?



We all are facing the dilemma of how far we are willing to go to find the right candidate, meet our KPIs, etc. But we all should draw a line that we will not step over.

While digging for more information about candidates can be helpful, it can also be rather disappointing. Just consider that it would be a shame to find out that a potential candidate used or uses drugs or if there were any criminal allegations in his or her background. Of course, if you find out details that may indicate that a person might turn into a threat for the rest of your employees you will feel grateful for knowing these details before hiring the person.

But other private details you may find out, like sexual orientation, political views, religious beliefs, and so on, should not influence you in making a decision when it comes to who to hire. Also, be very careful what methods you use and how far you are about to go because violating someone’s privacy is a very severe deed. You also need to consider that every country has a privacy law, so keep this in mind.

If you find some sensitive information about candidates (with their national number or any sensitive information) or internal documentation from agencies etc. you always have a choice: Use the data to your advantage or inform that agency/company about it.

Only you need to decide what you’re going to choose and what you are going to do when you discover some sensitive information.

Be smart when choosing your strategy and consider whether it is a good thing to pick through someone’s private information or sensitive information from other companies/agencies.


How far are you willing to go? 


This article is part of a series called Editor's Pick.
Get articles like this
in your inbox
Subscribe to our mailing list and get interesting articles about talent acquisition emailed weekly!