WHY WE NEED TO STOP PEOPLE HIDING BEHIND THE PRIVACY ACT

Executives at some prominent Australian organisations who falsely claim to have university degrees could be using the Privacy Act to protect them from being found out.

Australian universities need to urgently change their policies and confirm whether people applying for jobs, citing a degree qualification, actually have the degree they claim to have or if they have even been a student at that university.

At present universities cite the Privacy Act and cannot verify a degree claimed by a job seeker, or even confirm if that person attended the university.

The issue is set to explode again when news gets out that a senior executive officer of a significant Australian organisation does not have the qualifications he claims to hold.

In the majority of due diligence cases conducted for clients there is an issue with false credentials and I know of many cases that are not yet public but may well be public eventually. It’s a much bigger problem than people may realise.

The majority of cases are not sinister, and in the majority of cases, people have failed to update their profile to indicate that the course started was not completed.

However, there are also plenty of examples of people stealing credentials to secure a position.

The Internet is awash with websites and links to sites where people can create or obtain fake university diplomas, and HR departments were increasingly fielding applications from people whose credentials may seem perfect for the job – but are not verified.

Over the years there have been high profile examples of CV rorters. In 2002 John Davy, hired as chief executive of the Maori Television Service (MTS) in New Zealand was fired six weeks later for fraud, and later jailed for eight months.

A media inquiry into his background raised questions about his role as a member and adviser to the BC Securities Commission in Canada, his Master of Business Administration degree, and two books he was said to have written.

Mr Davy had submitted a copy of his MBA “from the Ashland School of Business at Denver State University”. Subsequent inquiries found Denver State University did not exist. The university name and the school on Mr Davy’s degree certificate were, however, used on counterfeit credentials sold over the internet.

More recently, in 2014, Australia was enthralled by the saga of Andrew Flanagan who landed a $400,000 package as the iconic department chain Myer’s general manager for strategic and business development, a position based on an impressive CV in health, retailing and commerce and impressive referees.

The trouble was, it was all faked.

There’s a caution to all of those that are faking or stealing credentials. When it is obvious that the person does not have the credentials claimed, such as them claiming they have Masters Degrees when they do not have the required undergraduate degree, they are not protected by confidentiality agreements, because the information is open to the public. The information is not a trade secret.

So when the person attempts to silence those on the inside of the business, through settlements that include confidentiality clauses, they need to understand that confidentiality agreements will only protect them so long as the material stays confidential. If people simply work out, or deduce the person cannot have those credentials, then they can’t hide behind confidentiality.

They should know that once it becomes public they are stealing credentials, in this day and age it is almost impossible to remove things from the internet and it would likely be detrimental to their future career. It will blight them through their working life.

They will often cite their stolen credentials to land a role, and then not cite the credentials again. But the days of using that technique in the hope the information will be buried are gone.

As proof, the examples of John Davy and Andrew Flanagan were easily found with a simple Google search.

HR departments can’t afford to take at face value the claimed credentials of applicants for high level positions. As we have seen with publicly outed and as yet unnamed examples, faking qualifications is quite an issue as people chase the big corporate level jobs.

Another high profile scandal erupted in America in 2017 when the consumer credit reporting agency Equifax admitted its chief security officer Susan Mauldin – who had stepped down from her job amidst heavy criticism that her company didn’t do enough to prevent a massive data breach – did not have the qualifications for the job.

Ms Mauldin, the top executive handling cybersecurity at Equifax, did not have formal training in technology but had studied music composition at university.

In that year Equifax admitted it had suffered a huge cyber security breach with cybercriminals accessing approximately 145.5 million U.S. Equifax consumers’ personal data, including their full names, birth dates, addresses, social security numbers and driver licence data. Residents in Britain and Canada were also impacted by the hack.

So Equifax had to explain why it put someone with degrees in music in charge of the company’s data security. This is what can happen if executives don’t have the qualifications people think they have.

And for those who watch too many TV dramas I have a thought on that too -“This is not Suits – you can’t hack a system to create credentials”.

There’s been an acceptance that the Privacy Act can be invoked to protect people’s personal information but increasingly it’s being used by job applicants chasing high end positions.

If you claim to have university qualifications your potential employer should have the right to verify that claim. Otherwise people can and do claim all manner of qualifications and could cause mayhem within the organisations employing them.