LinkedIn employee accused of misuse of data

Data Protection Commissioner investigates allegation that woman’s information was used to further private complaint

Data Protection Commissioner Billy Hawkes. An investigator from the commissioner’s office has written to the person who made the complaint indicating the matter will be raised with LinkedIn.  Photograph: Dara Mac Dónaill
Data Protection Commissioner Billy Hawkes. An investigator from the commissioner’s office has written to the person who made the complaint indicating the matter will be raised with LinkedIn. Photograph: Dara Mac Dónaill

The Data Protection Commissioner is investigating a complaint that an employee of online networking company LinkedIn allegedly accessed personal details of one of its customers to further an issue he had with the firm where she worked. The complaint was made by a senior employee of a telecommunications company, who received a private message on her LinkedIn account from a person working in the social network company, seeking her help with a problem with his contract.

He had no professional or personal connection with the woman and he was not in her network of online contacts.

In the private message, seen by The Irish Times, a person with a LinkedIn job title and email address apologises for contacting the woman but asks her to "escalate" his issue to the chief executive of the company she works for as she is "the point of contact" on the matter.

Privacy ‘violated’

READ SOME MORE

She said she objected to her information being used in this manner and she felt her privacy had been “violated”.

Following a complaint to LinkedIn, the company told the woman it had carried out an internal investigation.

It said the staff member concerned had only been able to contact her because he had privately paid for a premium service allowing him to send private messages to any user.

It said the person in question was not aware of her surname or her role in the company she worked for.

However, separate correspondence received by the customer service department of the woman’s company from the same individual on the same date uses both her surname and title.

“It is quite obvious that LinkedIn has not taken my complaint seriously and has changed the outcome of their own internal investigation based on the evidence provided to them,” the woman said.

LinkedIn takes the view that its product is designed to provide individuals with a professional networking profile online and to enable them to be contactable.

However, it allows individuals to keep certain details of their profile private and visible only to those they have allowed to connect with them.

‘No breach’

A spokesman for LinkedIn said: “We take the security and privacy of our members very seriously. Any suggestion of a breach is of great concern to us and, in this instance, a full internal investigation found no breach of member data, or misuse of the LinkedIn platform.”

He said the company had security and data policies “which prohibit the misuse of LinkedIn data by employees”.

“It’s important to note that only publicly available LinkedIn tools were used in this instance and no data was accessed inappropriately,” he said.

An investigator from the office of the Data Protection Commissioner has written to the person who made the complaint indicating the matter will be raised with LinkedIn.

The US company established its international headquarters in Dublin in 2010, employing about 70 people.

The following year it announced the creation of an additional 100 jobs here. LinkedIn says it has more than 160 million members in more than 200 countries.

* LinkedIn now has a banner on its homepage indicating it published a revised privacy policy and user agreement on May 13th. It advises customers that their continued use of the service mean they agree to these revised documents and urges them to read and understand them.

*This story was updated on Thursday, May 16th, 2013 to include additional information.