Please read if you use Facebook

[RoloAddict]

So this week we had a new IT manager start in our department at work. Met him for the first time yesterday.. Today was called into a meeting with him along with other staff. He then proceeded to reveal that he'd taken a look at each of our Facebook profiles the previous evening. What he revealed about mine was shocking . By using my Facebook profile and nothing else but good old Google (he proved this by showing us how he did it) he had managed to find out..

My full address including house number!
My DHs full name
My maiden name
Our wedding date
My Dd's names, dates of birth and the sports club they attend.
My stepdaughters name and the school she attended
That I have a stepson.

Needless to say I was horrified. This man was a virtual stranger. We had no mutual friends and I'd never met him until yesterday. I've obviously changed my privacy settings entirely since then. Before I just assumed they were set so that only friends could view them. Can I PLEASE remind and encourage all of you (plus family and friends) to check your settings throughly. We were lucky this time that the person in question didn't mean us harm but it's been a huge wake up call.

to be honest I don't really know why any of these records need to be online but that's a whole separate conversation.

Obviously they don't "need to be online" but these sites can put them online because they are public records and then they can charge people to access them. People will pay to do family trees etc. I've noticed that 192.com even profit by charging people to find out who is looking at their records.
They could make a law to prevent it happening, I suppose but I'm not sure how it would work considering the hard copies aren't private anyway. You can also order a copy of anyone's birth/death/marriage certificate too. Nothing is private.

but what I'm puzzled by is why the maiden name is attached to it? I only looked because of what posters said about bank security.

I think is is because the maiden name will be the one on the mother's birth certificate. I think (although am not sure) it is still the mother's "real" name.

To the people asking why people use their real name on FB - I know lots of people who used to use nicknames/faked adjusted names, until there was a campaign a couple years ago to enforce their "real names only" policy.
This then resulted in an easy way to bully someone - report them for not having what looked like a 'real name', FB would ask for a birth cert or similar, and suspend their account until that was done. So many people started using real names and using FB as a much more self-censored space, moving their flirting or matey chat elsewhere.

I use my real name (v unusual, 1 other in the UK) but a fake DOB. Before getting my current job I asked friends to search me online to see what they could scrape up, and it took a couple goes to upgrade my FB settings to ensure everything was private that should have been.

OMG, people online are so much nicer & more sensible when they use real names. I rather wish we could all go back in time and only be able to use our real names (though I don't care about fake DoB, am still failing to see that as a problem if it is known). Aliases create many more problems than they solve.

There's almost nothing my FB says (or my prabook entry says) that isn't available from public documents & my linked in profile (& my workpage profile). The point of Linkedin & the workpage is to be publicly accessible).

I’ll say no more other than just don’t put anything on the internet you wouldn’t be happy sharing with the police or your mother!

Having your mother (and your husband's grandmother) on FB is very good for moderating what you post.

Having your mother (and your husband's grandmother) on FB is very good for moderating what you post.

And your great-aunts too - works for my children. On FB anyway. Not so sure what they're posting elsewhere*.

• they are sensible, and they have been warned.

Don't panic or get outraged. Just recognise that Facebook is a noticeboard. And don't put stuff on a noticeboard that you don't want people to see. Private email is available.

I never share my address, family birthday celebrations etc. And only my profile pic is set to public. Otherwise you're setting yourself up for all sorts of identity fraud and also that you have kids at a certain school (and they know all about you so could easily persuade a kid they know you).

You have a point, if lots of things are made public then what about privacy? I look at Facebook to see what's going on but have never put pix on and have no profile picture. From time to time Facebook contact me and suggest putting a picture on but my friends already know what I look like and no-one else needs to know.

Although I do agree the stuff you’ve posted on Facebook to give away that info is a bit naive, I think you’ve learned a valuable lesson and are wise to share it with others. Your IT manager sounds pretty awesome too!

@Dungeondragon15

Thanks. Still a bit confused though.

in fact - I hope OP won't mind me asking this here rather than start a separate thread - I am wondering why the prabook thing exists - I've just found family information on there for a relative who isn't able to even use a computer!! She certainly would not have been able to give permission for her whole life history to be on there.

Also, why is the birth/marriage/death stuff all listed online in the first place? Is it just that someone is making money out of it?

My LinkedIn in is invitation only but I'm now thinking of deleting it completely.

@Dungeonsanddragons

"They could make a law to prevent it happening, I suppose but I'm not sure how it would work considering the hard copies aren't private anyway. You can also order a copy of anyone's birth/death/marriage certificate too. Nothing is private."

sorry, I saw your second post first! This strikes me as another reason why we need a privacy law. Why should all those records be online? It's one thing for someone to have to physically travel to a public record office if they really need access to these, but why should they be online for people to just nose through? I'm confused.

why is the birth/marriage/death stuff all listed online in the first place

That info is from Legal documents.
if it's available to search for a fee or in a legal office, then it may as well be more freely available.

Prevent bigamy.
Confirm identity (if you go to source provider, not data cullers like Prabook).
Reduce identity theft (after death).
Make it easier to demonstrate that someone died (if required, like for heirs after death).

Helpful for family history & finding old friends/lost family.

What is that website that says purchase price of all homes in England?
My dad's property taxes & speeding tickets are legal documents where he lives.

In Scandanavia a summary of your tax return is a legal published document.

I'm not in the group who sees a problem with any of this, mind.

On my first day at my current job they sat me down and showed me my FB profile. I was shocked at how much was revealed - I thought I'd had it locked down pretty well. We work with vulnerable people with substance abuse problems, and I was told to sort out my FB profile before I was allowed anywhere near a work computer.

The 'IT Manager' was not doing his job well. I'm a solicitor in house at a multi-national. If someone in our IT function had collated personal data of our employees and turned it into some sort of learning exercise by presenting it back to the employees at work I'd be very uncomfortable indeed as this would be seen as an act of the Company.

Someone upthread mentioned GDPR but spectacularly missed the boat - from 25th May all companies with EU dealings need to know exactly what information they hold about employees, have a legitimate reason for holding it and the ability for the employee to request such information and also for it to be deleted. It also must be held securely. Any procuring and handling of personal data must be dealt with so so carefully. I'm appalled at the actions of the IT Manager and whilst the OP may not be concerned, if I was the company I'd be bracing myself for complaints and enquiries from other employees. (Personal data can be something as simple as a name so this gathering of information undoubtedly falls within the remit of GDPR.)

IT security in a work environment can be taught effectively without collating the personal data of employees from online sources. If there was an acknowledged 'need' or request for training about personal IT security he could have explained the steps to take to check for yourself without gathering and distributing all of the information.

He'd be on a written warning minimum if he worked for us. I'd also be urgently revising and updating data protection/GDPR training.

lljkk "if it's available to search for a fee or in a legal office, then it may as well be more freely available."

I can't see that argument at all. Surely people are less likely to pay a fee or search if they are after the information in order to create identity fraud? Why should it be "more" freely available?

Prevent bigamy - surely there are other ways that this gets checked?= without putting everyone's info online?

Also, the info I've found about a relative is all personal. It's not anything anyone would need legally. I can't see why anyone would need that. (I'm also quite horrified because someone somewhere - or the prabook people - must have gone through a lot of very old paper records to get some of that information and I'm wondering why).

surely the only legally acceptable way to demonstrate that someone died is the death certification or someone from the relevant office confirming it, not just a record on a computer which someone might have created anyway?

OMD that prabook thing has pissed me off.

It isn't just FB. You can look for people's addresses online using 192.com and the electoral roll. It cost me £50 and about 20 minutes to find out my husband's new address after he disappeared, a search which also revealed that his co-habitee at the new property was a woman who lived down the road and disappeared at the same time. This is the digital age.

The st Catherine house index was put on line by volunteers transcribing and large companies to make money

Bigamy isn’t checked, it’s a criminal offence

If you say your divorced then a decree absolute is produced as proof but you can’t provide that if you are single, but luring is perjury

Many birth certificates are probably just that with fictional information...

Herether- what part of data protection has the IT broken? If all the information was made freely available by each of the members of staff and the information given to each of them, what part of the data protection act has he breached?

ivykaty now that the Company has collected the data they have ongoing obligations to ensure it was necessary to collect it (it wasn't) it can be referred back to, deleted and it is held securely (well it's been reproduced on paper and handed out...) so the company will have a hard time being GDPR/data privacy compliant if they have IT Managers and other staff behaving like this.

Employees simply should not do this.

I couldn't care less if random people on the Internet knew any of this information posted in the OP. possibly with the xception of extracurricular activities attended by my kids which I would not post online anyway.

This is all stuff that would have been well-known to any village nosey parker back in ye olden days.

That's why I don't do social media....

I thought the information was placed in an envelope addressed to the person the information conserned, electronic copies the person knows about anyway as they placed them online

ivykaty we don't know where the information that the company collected is though do we? Could be on the local drive of the IT Manager, or the central system, or a USB stick. The fact there are also original versions of it online is not relevant. The Company has now collected that data and could, until proven otherwise, still be holding electronic copies of it somewhere. In which case it has to abide by the law in terms of that data...... which is why companies need to be very very careful about ANY personal data they collect.

I qualified as a teacher a few years ago and the local authority IT guy did this to us new teachers on our induction day. Loads of info from our social media/google. A way of shocking us in to sorting it out before kids or parents used it against us.

plus
don't put all your personal info on there