At my last full-time job, I helped our infra team staged a revolt and some of us threatened to quit when HR announced they had signed up for Equifax's employee verification service about 2 months after Equifax's most recent breach. I'm happy to say that within 3 days HR had stopped using this service.
Why does it matter if it's Equifax or some other company? Employers are still handing over the data.
I take issue with much of the language used when discussing the Equifax breach. It wasn't a breach that Equifax lost my data. It was a breach that Equifax had my data.
Regardless, I don't see replacing one scumbag company for a different scumbag company as really fixing anything. Also this article is nothing more than a PR piece for Truework. Shame on the NYT for publishing such drivel and calling it journalism.
> Why does it matter if it's Equifax or some other company? Employers are still handing over the data.
Because in a just world, Equifax would be disbanded after that fiasco. They shouldn't be running around, offering more data-vacuuming services. GP and their colleagues did their part to send a market signal that they're not OK with the current state of affairs.
Why can't companies use the SSS or IRS, etc., for this kind of verification? Why have to go through a third party to get information back from the government? Where required, they already need to do an eVerify anyhows, don't they?
There really isn't any reason. This is similar to how Turbotax exists even though the IRS could file your taxes for you. I believe this product is even in development at the IRS based on an interview with the US Digital Service IRS team several years ago (although they were primarily targeting mortgage origination firms as customers of this data, think Quicken's Rocket Mortgage product).
TrueWork could move faster than the IRS can internally, but eventually the IRS' product would be canonical with organizations (while at the same time, salary data privacy laws continue to be enacted state by state prohibiting the release of salary data to perspective employers).
They use Equifax because the government has actual privacy policies and requires an individual's permission to release information. The government may also not have offered this exact service (they offer a service to release your entire tax form, but I'm not sure they offer one to release only the salary and employer from your W-2's).
Actually, funny you should ask that. Lately, I have been hearing advertisements on podcasts about the Department of Homeland Security offering such services. They're not offering this as a free service, though. Taxes only pay their salaries. You wouldn't expect that to be sufficient
IRS doesn't have APIs. I've done some work with them, you have to manually upload CSV and download the results hours later. Automating it is against their TOS. For one of the data I get from them, I've the option of getting in printer on paper, DVD or magnetic tape.
> Why would anyone want something outlawing automation in their TOS? Is their 'service' maximizing human effort and minimizing throughput?
It could be that they want to make usage painful to keep control of the data. Automated scraping/bulk downloads would be much easier to detect than TOS violations that occur after the data is downloaded.
For instance, I wish my county recorder's office forced people to manually retrieve property public records rather than providing them electronically. The extra cost would make it unfeasible for data brokers and people search websites to slurp up all the data for resale, while still allowing access for legitimate purposes.
13 comments
[ 3.4 ms ] story [ 41.8 ms ] threadI take issue with much of the language used when discussing the Equifax breach. It wasn't a breach that Equifax lost my data. It was a breach that Equifax had my data.
Regardless, I don't see replacing one scumbag company for a different scumbag company as really fixing anything. Also this article is nothing more than a PR piece for Truework. Shame on the NYT for publishing such drivel and calling it journalism.
Because in a just world, Equifax would be disbanded after that fiasco. They shouldn't be running around, offering more data-vacuuming services. GP and their colleagues did their part to send a market signal that they're not OK with the current state of affairs.
TrueWork could move faster than the IRS can internally, but eventually the IRS' product would be canonical with organizations (while at the same time, salary data privacy laws continue to be enacted state by state prohibiting the release of salary data to perspective employers).
Why would anyone want something outlawing automation in their TOS? Is their 'service' maximizing human effort and minimizing throughput?
It could be that they want to make usage painful to keep control of the data. Automated scraping/bulk downloads would be much easier to detect than TOS violations that occur after the data is downloaded.
For instance, I wish my county recorder's office forced people to manually retrieve property public records rather than providing them electronically. The extra cost would make it unfeasible for data brokers and people search websites to slurp up all the data for resale, while still allowing access for legitimate purposes.