Résumé Risks

Subscribers to listservs and less formal email broadcasts receive many emails with attachments. Most email users know that attachments from other email accounts can contain viruses, worms, Trojan horses, pictures of kids or kittens, and various other malware. However, few realize how hazardous it is to send files out. Today a résumé came in an email that went to about 100 addressees. The sender was trying to help a colleague or friend find a job, but sending a résumé out in an e-blast is extremely dangerous for the subject of the résumé. There is a lot of personal information that could be used to steal the person’s identity. The résumé that came today included a home address and telephone number, dates of attendance at a school, and a detailed employment history. Even a person with rudimentary research skills would be able to dig up such vital information such as the exact birth date and place, mother’s birth name, and at least a partial Social Security number.

Sending a file to 100 email addresses is about as bad as sending it to a million. The way email users accidentally hit and send email to the wrong recipients, any given email could find its way to a scammer in Somalia as easily as to a hiring agent in Hammond. It is much safer to describe the person in the body of an email and ask for potential employers to contact the candidate or you. Another alternative would be a redacted resume, although attaching a redacted resume is still dangerous. Who knows what metadata might be attached to the file?

Metadata is data that describes other data. For any given file this can include authorship, date of creation and modification. Even earlier drafts, showing what was redacted, may often be extracted and read. If a résumé is redacted, but the file is forwarded to a recipient without being properly stripped of metadata, it is likely that the recipient can recover all of the redacted data — and more. It may save time to adapt a document for one client or customer to create a document for a different client, but if the new document is sent as an electronic file, there may be a serious breach of confidentiality.

For document safety, always start with a new document. If you are copying a portion of another document, use . That should avoid importing most of the metadata attached to the pasted text. Before sending a Word 2010 document, go to and strip the information that should not be shared.

I suggest sending out as few attachments as possible, particularly when the same information could be put in the body of the email. Any document that you attach to an email could have attached metadata that would compromise your security or that of your company. Unless you have a stringent protocol to strip metadata from emailed files, you have a serious security lapse. This should be unacceptable for anyone who handles confidential files.


John B. Payne, Attorney
Garrison LawHouse, PC
Dearborn, Michigan 313.563.4900
Pittsburgh, Pennsylvania 800.220.7200
©2011 John B. Payne, Attorney