"Equifax flagged 283 contractors for potential 'dual employment,' documents show."
Would this not be a big flag to reclassify these contractors as employees? Being able to have multiple clients is one of the factors to determine if you're a contractor...
In the UK there's a set of criteria (IR35) that attempt to codify the distinction. The hiring business has to make the assessment.
One of criteria is right to subcontract and freedom to work with multiple clients.
If they get it wrong, they're liable for taxes, not the Contractor.
HMRC, the UK tax body is responsible for this, and therefore it is an utter mess in practice and has had chilling effects on the UK IT consulting market.
I think it's a great idea, there's far too many businesses that exploit employees by labelling them contractors.
Of course, idea and execution are two very different things.
In NZ, it's often found in courier companies and telecommunications, where you're an owner-operator! Except you have to do what the company you work for says, when they say, and you have to provide all your own equipment, and of course, pay for your own sick leave, accident insurance and holiday pay. And no you can't work for a competitor, are you nuts?
At one point our tax department started cracking down on this, then stopped, I'm not sure why. But it needs to be done.
And let's not even discuss the infamous Hobbit law, where a right leaning government passed legislation under urgency to make all film industry employees contractors, with no rights to unionise, to keep Peter Jackson (he can get the Sir back when he redeems himself in my mind) and Warner Brothers happy after Jackson's Weta Studios lost an Employment Court case brought by a "contractor" who they very vigorously treated as an employee.
> At one point our tax department started cracking down on this, then stopped, I'm not sure why. But it needs to be done.
Around here (Poland) they tried to focus the crackdown on... contractors, planning on requiring a contractor to have at least 25% of their income from a second client to be considered self-employed and not an employee.
The local IT lobbyists had a hearty laugh about this idea and that was the end of it.
We have a similar rule in Australia that unfortunately was introduced, so called 'personal services income' if you make over 80% of your money from a single source you effectively can't make tax deductions like a business.
Yeah, that's definitely the wrong place to focus - focus on the employers, as they're the ones who reap the benefits of treating employees as contractors.
The thing is that in IT people actually want to be outside of IR35 because being a contractor is financially better for them.
So you see contractor job ads prominently listing "outside of IR35" as a benefit.
When this was implemented I know people who actually quit because they were told they would be within IR35 from then on, and they found new contracts outside of IR35.
In IT/tech people go the contracting route for the money so unsurprisingly they follow the money...
It's just a matter of rates. You need rates a bit higher within IR35. Less so than people think, and even less now that the corporation tax changes are still going through. The biggest problem with IR35 is no longer tax since the gap has become smaller and smaller, but the uncertainty of the classification and the hassle of dealing with an umbrella company.
> I think it's a great idea, there's far too many businesses that exploit employees by labelling them contractors.
In UK (and Aus), this whole IT/dev contracting business is kind of win:win (govt. loses) though - devs like it because they get paid $$$ day rates and pay less tax, businesses like it because... capex vs opex(?).
The US tax authority (IRS) has a similar set of rules; if you can set your hours and working conditions and have your own equipment or tools it justifies not being an employee. There are of course important corner conditions like hiring a contractor who operates some machine you own.
In general, though some people prefer to be contractors, these rules are in place because some employers try to classify de facto employees as contractors to avoid paying taxes or providing required benefits. Google, FB etc have complex contractor rules for their third party contractor agencies to steer clear of that and make sure they save on taxes and benefits.
> if you can set your hours and working conditions and have your own equipment or tools it justifies not being an employee. There are of course important corner conditions like hiring a contractor who operates some machine you own.
Note that security guards can be structured as contractors despite obviously not being able to choose where or when they work. There's a big list of things that "weigh in favor" of one status or the other. There aren't definitive answers unless you've recently won a lawsuit against the government (which always wants employee status for everyone).
The guards are still usually W-2 employees; but they’re employees of the firm that’s been contracted. Referring to them as “contractors” is more a colloquialism, but it marks someone that works for an outside firm versus someone that’s in-house and on the company team, even if they work in the same office day in and day out.
Yeah, there's a big disparity between UK and US terminology here.
I'm the UK, a "contractor" is typically in business on their own account, applying for jobs directly to the end client.
In the US, it seems like a "contractor" frequently works for an outsourcing company. In the UK we'd typically call these people "temps" or "consultancy staff" depending on the source.
It's Temp/Vendor/Contractor lumped together as "people who work here but allegedly aren't legally employees of thia company, so we can deceive about all the great benefits "all" our "employees" get.
Doesn’t consultancy staff also cover people working for an actual consulting company?
I have worked on long contract - one or two years - for clients in the past helping them structure and put in place large projects and while I was technically there full time it was pretty clear that this was temporary, I was filling a punctual need the business wouldn’t have after and there was a somewhat clear idea of when we would part.
These relations are not necessary a way to pay less or not give benefits. I was actually paid a lot better than if I had been working there.
> In the US, it seems like a "contractor" frequently works for an outsourcing company. In the UK we'd typically call these people "temps" or "consultancy staff" depending on the source.
I think contractor is still used in that case in the UK sometimes too. The obvious example being construction firms.
Are security guards employed as 1099 common? I was under the impression that most companies were just outsourcing and guards were actually full time employees of companies specialising in security in the same way most cleaning staff works for a cleaning company.
I think guards are a bit different. Don’t companies usually contract a security company and they hire employees (or get contractors who might work for multiple companies)? Those companies are free to choose which gigs they want.
There was a significant part of the UK IT consulting market which was not really consulting though right? People turning up and doing the same job day in day out for months or years.
At least in the IT industry people legitimately had some freedoms. I was amused to learn that a lot of lorry drivers were operating as contractors outside IR35. Not even those driving their own vehicles. The driving regulations make it pretty difficult for one driver to do anything different from another driver.
I’m a contractor, and for many companies and recruiters it was a wink wink nudge nudge arrangement to keep a gravy train running. An element of that will return when the reform is scrapped.
It's not entirely true. Just because such right exists in the contract, does not mean it is valid. HMRC guidances have a ton of rules where it does not count. For instance if the business could use the sub-contractor directly.
> and freedom to work with multiple clients.
This is also irrelevant, because exclusive supply agreements is a normal business practice. Also people can hold multiple employments and that does not make them "contractors". People can also be contractors and employees at the same time and anything in between.
> If they get it wrong, they're liable for taxes, not the Contractor.
That's not entirely correct either. The client can claw the money back from the Contractor and very much every contract I have seen has clauses ensuring that any unpaid tax the client is liable for will be re-paid by the contractor.
Which means it’s essentially going away. I first encountered it in 2005 when I first contracted & it has never affected me. It nearly affected me with my previous contract a couple of years ago as the business really didn’t understand it and was “playing safe” by trying to go “inside IR35” for the role, but that’s utter nonsense for a 3 month engagement such as the one I was doing. I’ve always paid employers NI etc. I don’t understand why they don’t change Ltd company dividends & up the %age for the first £100k or so - it’d effectively solve the problem they’re trying to fix (lost tax/NI revenue), without all the messing about.
Even with the current tax rates, it's not clear to me that it's a net tax gain for HMRC to push contractors to being permanent. A contractor typically charges VAT - which can more than make up for other taxes - especially if their day rate is higher than it would be on an employee salary.
I think most people forget that when contractor pays itself a dividend, that money comes from the profit which they also pay corporation tax on.
Then it's very much like PAYE. Only difference is that the client does not have to pay Employers NI, which is fine, because they are not an employer.
But taxes on dividends got higher and higher in recent years.
You can still work for years in the UK, accumulate money (or real estate / other investment) in the company - then you move to Dubai and withdraw dividends tax free.
You end up paying 19% corp tax rate on your income that you can access only after you're done with the UK - which is not great compared to lower taxed countries in Europe (Malta at 5% being the best), but you get access to the London only jobs which pay a bit more (even if now that's not really true in a post remote working world).
Definitely better than getting equivalent salary and being forced to stash money in a pension you'll see when you're 60 or pay 40% taxes
The majority of IT contractors are going to be bringing in over £85k/annum, which means they're going to be registered for VAT, which means they will be providing VAT invoices to their client, which means their client is going to claim the VAT back from HMRC.
So what? The company still generated the VAT revenue.
The customer gets a refund, but has to charge their own customer VAT on the full amount of the goods they are selling, so the VAT accumulates until it is paid by someone who cannot claim the VAT back
That's why it's called "value added tax" - each supplier in the chain generates VAT on the value they add.
Which in practice means that yes, IR35 is going away, because HMRC is not going to audit every single contractor, unless they make a significant amount of money, and those that do make a significant amount of money, are almost certainly going to fall outside of IR35
I believe contractor in this sense is more like staff augmentation, e.g. Equifax pays a fee to $COMPANY, who, employs (W2) John Doe to work 40h/wk at Equifax as a "contractor." It's very common in local/state/federal government to have these C2C (company-to-company) contracting arrangements to get around regulatory or legislative limits on government employee pay.
This is actually much more of an issue than someone just holding two W2 jobs, because these "contractors" are almost always billing hours, and if you're billing the same hour to two people that very quickly approaches actual fraud.
I've done this type of work in the past and I agree. It's probably contracting between companies, but the worker is likely an actual W2 employee of the contracting agency.
The catch however, is that this doesn't necessarily absolve Equifax of miscategorizing workers -- this was the subject of the famous Microsoft Permatemp lawsuit. It is possible for a W2 worker of a temping agency to also be considered a common law employee of the contracting corporation. In Vizcaino v Microsoft, the temps were found to be Microsoft employees -- even though they were also w2 employees of third party staffing agencies.
Good to know. I’m a contractor and am just starting my own business separate from my main contracting role. Was curious what precedent there is for this dynamic
Edit: I was under the impression being a contractor would give one flexibility to do whatever they want when they’re not billing hours, depends on the contract wording of course
In fact, I've seen contractors (who want to be contractors) who limit the hours they work for any single client so there's no question as to whether they're an employee or not.
The State of California prohibits firing for certain causes and if you are fired for those reasons you can file a complaint with the Labor Commissioner and they're authorized to collect lost wages from your former employer on your behalf.
If I contract you to do 10 hours of a task per week, and you say you did 10 hours but actually only did 5, you faked the hours and have violated our contract.
Right, but you can only put so much control in the contract before you're not contracting. And that's going to depend on jurisdiction too. So I was hoping for a contextual overview of that tradeoff.
I think the typical line on this sort of thing is that you can contract someone for a set number of hours, but if you also dictate when those hours will be worked you’ve probably reclassified them as an employee. The other key test in the UK is the ability for a contractor to substitute themselves for another person to get the job done.
So the company in question has what legal right to investigate the employees of their contractors? Did the contractor’s employees sign off on this? It seems unlikely.
A better remedy would be to fire the contract partner if you feel the work isn’t meeting the value you expect.
If you read the article and look at the differences, they fired the Equifax employees outright. They "flagged" a bunch of contractors. That almost certainly means they sent that list of contractors to their employer companies and requested additional verification of hours and/or requested they be removed from their projects.
>> Services available to the market
>>
>> An independent contractor is generally free to seek out business opportunities. Independent contractors often advertise, maintain a visible business location, and are available to work in the relevant market.
But it does mean that. If you aren't free to seek business opportunities, your services aren't available to the market. It's a factor, not the factor.
Yeah, I'd love for someone who is familiar with this to weigh in. I was under the impression that this was one of the features that defines contractors.
If I'm paying you as an employer for a tenporary full time stint, say 50 hrs. work/week and you're not actually punching in and out of time clock for me to track you, I might have suspicions that you're in fact short changing me on the time or quality of work you contracted if you're also working another job. I might be wrong, and you'd have a right to contest that, but I'd probably be right more than wrong on average.
If you are an actual employee of mine it's even more likely you are in breach.
No employment contract or agreement I've ever seen has prohibited someone from holding two W2 positions. Competing, sure. Sharing trade secrets is already illegal. Double-billing hours (e.g. on invoices or hourly work) is already illegal.
You're falling into a number of traps, not the least of which is thinking anyone who does contracting would ever agree to 50h/wk for a single client. "I'd be right more than I'd be wrong" is not sufficient justification to put additional requirements on a contract that almost certainly were not there to begin with.
> Executives, especially in the tech industry, have said they're worried that some remote employees are distracted.
“Distracted” like the time that Equifax leaked hundreds of millions of pieces of personal data. Maybe instead of blaming the workforce they should worry about making the company a place that people want to work exclusively. Equifax does not matter at all as an organization.
Yeah I don't buy the complaints about remote workers being distracted. Isn't this the sole purpose of performance reviews? If the employee isn't doing their job, just fire them.
Sounds to me like the execs just have control issues. "WE get to fly around in the private jets and strike business deals on the golf course, not you!"
I think it highlights another problem: performance reviews are heavily bias and management typically has no clue how their reports are actually performing.
Sadly, they do matter. Lots of power, low accountability. Equifax and the other two have a very large impact on USA citizens day-to-day. I hate it but, we can't pretend they don't matter.
Indeed. In an alternate universe, the Chief Information Security Officer of Equifax is giving interviews about the dangers of work from home for cyber security roles, informed by her masters in music composition and 0.0 years of IC experience as deep expertise.
I'm still astounded no one ended up in jail over that. Software Engineering really does need some professionalization.
i mean ubers former CISO did just get convicted, so it could be starting? (granted his scenario seems more about intent to hide a breach vs ineptitude)
>In an alternate universe, the Chief Information Security Officer of Equifax is giving interviews about the dangers of work from home for cyber security roles, informed by her masters in music composition and 0.0 years of IC experience as deep expertise.
I'm struggling to understand what the point of this was.
I used to work for the government on systems with extremely sensitive data. I’m talking… penitentiary consequences for data leaks. 90% of the Information Security employees didn’t even have a background in tech OR security.
You’d be surprised how incompetent an auditor can be if the security framework simply requires them to blindly fill in responses on boilerplate spreadsheets based on the department’s word alone.
For example, risk assessments are performed for all new applications requested by employees.
InfoSec: Does this COTS web application have X security control which protects data in transit via encryption acceptable for use in our operating environment?
Some bozo from marketing: Yeah, I’m pretty sure.
In truth, neither of them are sure. The requester didn’t check, and the auditor saw the word “encryption” on the vendor’s website along with a green padlock in the address bar and that was good enough.
The auditor doesn’t even know how check the ciphers being used for this sketchy web application. The control also requires TLS 1.2+ due to the sensitive nature of the data. The auditor marks the security control as “Met” and approves the software request.
The auditor is completely incompetent, but is used as a pawn in an elaborate game of “security theater” to abstract away liability.
Also, even if the hypothetical security control in the example above wasn’t met, the head of marketing (System Owner) could request an exception be created to skip that security control.
Wait, qzx_pierri, you’re telling me that the security control can be skipped? How the hell is that a security CONTROL?
I don’t know, and that’s why I quit that depressing industry. To everyone reading this: Stay paranoid, and protect your data yourself if it’s on someone else’s server. "Security" (in America, at least) is often complete bullshit.
Another data point, I was reading just yesterday on a HN post about fake qualifications about many male director level people without proper education.
The vast majority of the people who invented, built, and maintain all the systems infosec people are deploying had CS or CE degrees. A good CS degree provides an excellent foundation for infosec careers. In fact, at many institutions, the infosec major is very similar to the CS major.
It's not everything you need, which is why a CISO should minimally also spend some time as an individual contributor in an infosec or closely adjacent group.
You're moving the goalposts because your position that CISOs need no education whatsoever in the work they are leading is prime facie absurd.
25 years ago I asked Gene Spafford why the advanced degree program was being run out of the philosophy department instead of the computer science department, and he replied that it made no sense to be part of the CS department.
That's not to say that a CS graduate is or isn't the ideal candidate for the program (I think he felt that they were). But securing systems and organizations is primarily not a technical problem. You should understand that and understand the reasons why.
It is literally true that she had no relevant formal training.
It is also true AFAIK that when she got her first role as an executive in charge of security, she had no formal training or IC experience in security. All of her "security" experience was in executive roles. Which is insane. That never happens with other types of technical leadership roles (legal, law, finance, accounting, engineering, etc.).
> Yes, but that's also true of almost all BigCo CISOs.
Yes, we've been over this. The article is about Equifax. I made a comment about Equifax. I've previously criticized other execs after data breaches or other major technical failures (Eg Boeing).
> By "AFAIK" you mean that this is just what you assume without checking, right?
No, it means I did check and she does not according to any publicly available evidence. I added the AFAIK because I cannot personally certify that her publicly available resumes are complete.
It would be extremely odd to exclude relevant work experience from public profiles, so I strongly believe that she does not have relevant experience outside of exec positions (which she shouldn't have had in the first place without IC experience and/or relevant education). But I do not personally know her so I cannot personally attest that her public resumes are complete. Therefore, I added a qualifier.
I can understand why this wording confuses you, though. It's a result of the fact that I have personal integrity and take words and accusations seriously.
People in technical leadership roles should have formal training and should have spent some time in the trenches, full stop. We hold most other specialized leadership roles to this standard: Chief Financial Officers, Chief Legal Officers, Chief Medical Officers, etc. Why not CTOs and CISOs?
> nasty sexism... male CISO at other company...
The article is about Equifax. I am commenting about Equifax. This is not about gender.
I'm well aware that this problem is pervasive in American business culture. The article is about Equifax. So I am commenting about Equifax.
> Turns out Susan Maudin at Equifax had decades of relevant experience:
Those are all also management roles. She went from non-cybersecurity into cybersecurity management and then worked her way up the management chain.
She had no formal training in IT/CS, no experience as an IC in IT/CS, and her organization royally screwed up.
Expecting relevant formal education and relevant IC experience is not sexist.
>People in technical leadership roles should have formal training and should have spent some time in the trenches, full stop. We hold most other specialized leadership roles to this standard: Chief Financial Officers, Chief Legal Officers, Chief Medical Officers, etc. Why not CTOs and CISOs?
The vast majority of qualified candidates will not have relevant formal training. Until very recently it's been borderline impossible to get an infosec degree, and what little opportunities existed were of atrocious quality.
>Oh, please. I'm well aware that this problem is pervasive in American business culture. The article is about Equifax. I am commenting about Equifax.
1) It's not a problem
2) It's not American
This is just how emerging fields are, you can't have formal education when nobody knows what to teach.
You will never convince me that Equifax could not have hired a CISO with decades of relevant IC and leadership experience and appropriate educational background. Perhaps Maudin at the time she was hired, I'm not sure the length of her tenure. But there was certainly no excuse for choosing an MBA without IC cybersecurity experience for her replacement. (Who, btw, is a man and also wildly unqualified except for a string of other executive positions that he also should not have been in... happy now?)
>> The article is about Equifax. I am commenting about Equifax.
> 1) It's not a problem
You have got to be kidding me.
1. Equifax majorly shit the bed on cybersecurity, and the buck stops at the CISO.
2. Why is this not the case for CFOs, CMOs, CLOs, and literally every other technical chief officer position except CTOs and CISOs? Again, it's not the 90s.
>You will never convince me that Equifax could not have hired a CISO without decades of relevant IC and leadership experience and appropriate educational background.
If it's so easy, surely you can name a couple of people with decades of relevant IC and leadership experience and appropriate educational background who they could have hired back when they went with Maudin?
>1. Equifax majorly shit the bed on cybersecurity, and the buck stops at the CISO.
The buck never stops at the CISO, just like it supposedly didn't at Twitter.
Yes, I can name dozens of people who would have made excellent CISOs in 2017 and meet my (low) bar of (1) relevant IC experience and (2) some relevant formal training.
> The buck never stops at the CISO, just like it supposedly didn't at Twitter.
If the buck doesn't stop there, it certainly passes through.
Let me flip this around: should you hire a Software Engineer with decades of management experience at a bank to the Chief Financial Officer? What about lawyer who's worked at a hospital to be the Chief Medical Officer? Would you hire an MBA without any legal experience to be your Chief Legal Officer? No, no, and no. If a company did any of those things and shit hit the fan, people would be irate and the company would be rightly criticized.
So why is it okay to fill CTO and CISO roles with MBAs who have no technical training or experience?
It's not, and I don't think juries are going to put up with this over the next couple decades. The "new field" argument is increasingly implausible.
My current employer's CISO or my former employer's equivalent of the CISO. Both were hired prior to 2017 and had relevant education and expertise. And no, I'm not going to risk doxing myself to someone accusing me of sexism for saying that CTO/CISO roles should be filled by people with relevant education.
> Compsci is not an infosec-related degree.
Are you kidding me? I am beginning to lose confidence in any ability to have a reasonable conversation with you.
Four years of CS cover a lot of material that is directly relevant to information security, even without any formal coursework in security. Most CS degrees require several years of programming, an Operating Systems course, and courses like Networking, Cybersecurity, and Cryptography are often offered as electives. Even the basic courses offer a lot of basic knowledge about the work being managed.
Is it everything you need? No, of course not! That's why the criteria -- from my first post -- is BOTH relevant education and also relevant IC experience.
What is inappropriate is a CISO who has never written or read a single line of code, never configured a piece of IT equipment, etc. It would be like a CLO who has never read a legal brief or a chief medical officer who has never treated a patient. They won't even have a basic high-level understanding of what's actually going on in the work they are managing. I've seen this, first hand, from a (male) executive who did not have a technical background.
I took courses on Cryptography, Networking (with a unit on DoS/DDoS mitigation), Operating Systems (with a TON of systems programming that got me intimately familiar with buffer overflows and memory models), and a Software Engineering course that included some discussion of injection attacks.
As term or course projects I implemented or was part of team that implemented: a virus scanner, an intrusion detection system (back before they were common -- we called in 'dynamic iptables' or something like that), portions of an operating system with a bunch of security and permissions relevant stuff, a password cracker, and a bunch of crypto algorithms.
Aside from all of this, a basic understanding of how to program and build software systems is already important background.
But no CS is totally unrelated to infosec and I'm a sexist dick for saying that people in leadership should know about the work they are managing. /s
>The only person that made this about the CISOs gender is you. OPs point was about the lack of credentials, which would apply to anyone.
Except it seemingly doesn't apply to literally every other CISO. Does the CISO at Meta have a relevant degree? No. Did Mudge have a relevant degree while he was the CISO at Twitter? No, he also had a music degree. Does Coinbase CISO in charge of securing many billions hold a relevant degree? Nope. Does the CISO at Stripe hold a relevant degree? Again nope.
>Having professional accreditation that you should be overseeing the security of peoples most sensitive information is objectively a good idea.
It's a good idea, yes! Did some meaningful professional accreditation exist at the time? Nope!
They were stating the facts around the Equifax breach which is on topic. What is a surprise is the conversation being derailed because someone wanted to make their comment about gender. It isn’t.
>How is it sexism if it's true? Or should people not bring this up because she's a woman?
Nobody would ever bring this up about a man, most CISOs have similar degrees. You haven't even been able to get a formal education on this topic for very long.
>For example, the data leaked from Uber in the recent breach is way more impactful than anything which ever leaked from Equifax.
What could be more impactful than the social security numbers, personal information, and financial records of every adult in the US?
>But hey, maybe that's just because nobody noticed that Latha Maripuri is also a woman.
Yes, that should tell you that gender has nothing to do with it which you are vehemently trying to make this about.
>How would you know it wasn't her superiors constantly blocking her from doing her job properly?
I don't know that, that's why the company should have been liquidated as compensation, or at the very least it should have been taken to court where she can testify to what she tried to do and what she was blocked from doing. Otherwise, the responsibility lies with her -- that is literally her job description.
>What could be more impactful than the social security numbers, personal information, and financial records of every adult in the US?
You could already buy just about any adults SSN for a dollar from various breach aggregators well before the equifax leak, so literally nothing changed in that regard.
Personal information? What? Names, addresses, dates of birth? The above still applies.
Uber holds very detailed location data, travel histories. Far more revealing than what might have come
>Yes, that should tell you that gender has nothing to do with it which you are vehemently trying to make this about.
I'm not sure you can seriously read anything into that, it's essentially random whether or not these things get picked up.
Or why do you think that Susan Mauldin is widely ridiculed but Latha Maripuri is not? Both have very similar resumes, no formal qualifications and presided over massive breaches.
>I don't know that, that's why the company should have been liquidated as compensation, or at the very least it should have been taken to court where she can testify to what she tried to do and what she was blocked from doing. Otherwise, the responsibility lies with her -- that is literally her job description.
This doesn't make any sense. You don't know and the possible actual culprits did not tell you otherwise, so the responsibility lies with her?
>You could already buy just about any adults SSN for a dollar from various breach aggregators well before the equifax leak, so literally nothing changed in that regard.
Not only is this entirely speculative and needs a citation, just because others have experienced breaches doesn't mean you get to publicize private information, that once again, people did not consent to because they're not users or customers of Equifax.
>You don't know and the possible actual culprits did not tell you otherwise, so the responsibility lies with her?
Yes, that is the role of a Chief Information Security Officer. Here is a brief description for your reference:
>The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
Unless other information comes out to suggest otherwise, yes, it is very fair to assume the responsibility lies with her.
>Not only is this entirely speculative and needs a citation, just because others have experienced breaches doesn't mean you get to publicize private information, that once again, people did not consent to because they're not users or customers of Equifax.
I don’t see how any of this was the executives fault. They have no idea of computer security and hired people who they thought were competent to handle it.
No, they didn't. The executive in charge had no freaking idea what was going on, at all.
As noted earlier in the threads, it was a music major with no experience, they hired a fall guy/gal - please dont say stuff you have no idea about.
Of course that is not applicable to 'boards' and 'CxO'. Quick search suggest some of them sitting at at least 2 'boards' or also 'partners' or something.
So yeah, rules for thee but not for me.
In their defense, board seats are not a full time job. The commitment could be as little as a few hours a month or quarter. “Partner” could also mean quite a few things, such as a partner at a venture firm for example. Which also may not be a full time job.
The difference here is that as an employee you commit to provide 40 hours of service to your employer. From the stories I’ve heard of these double jobs, this isn’t a weekend job working at the local coffee shop for an extra few bucks which doesn’t impact your primary responsibilities. Instead it’s a professional job with overlapping hours. Which means an employer isn’t getting what they paid for and these people are deceiving them.
You could give the same argument for second jobs as well, could be a small gig getting done in an hour, a music class that someone teaches to their neighbourhood kids or someone doing trading on the stock market. It is all additional income, just the semantics of how one gets them is different.
It is true that higher-level employees at companies not uncommonly sit on boards although I assume this is something that high-level employee discusses with their management--and as you say it's typically not a big time committment though can lead to conflicts. And it's not unusual for even individual contributors to be on some unpaid non-profit board but that would generally be out of scope of most employment agreements.
Most CxO positions are full-time although there are, e.g. fractional CFO-type positions for smaller companies.
Boards are usually explicitly not full time. At the previous place I worked, I know from the paperwork we gave the government that the board only worked 2-8 hours a week (and even that might be generous)
You're getting a lot of heat for investing in your children. This makes me sad, though I suspect the people are good intentioned, trying to help you "solve" your problem.
I can think of many scenarios where 1K/month/child is the best option. I don't know the quality of schools available in your area, but I do know it can vary wildly, and good school can make a huge difference.
And you have my deep respect for the sacrifice you are making for your children. We need more people like you.
In particular, how many of the "public school is good enough" folks are paying four figures extra on their mortgage payment to be in an area where that's true.
In any major metro, an extra 2-3 bedrooms in a district with great schools is way more expensive than living in a place with the worst schools and paying tuition.
My impression (from across the pond) is that the quality of public schools can vary quite a bit, because they're funded by local property taxes, which means schools in rich neighbourhoods have better funding than those in poor neighbourhoods.
And I have no idea how much freedom Americans have to choose which public school to send their kids to.
By comparison, all Dutch schools receive the same funding, whether public or private, have roughly the same quality and are subject to the same standards, and people are mostly free to choose which school to send their kids to. (I think in Amsterdam, some primary schools have a certain postal code area from which they accept students, and for secondary schools there's a massive ranked lottery system where a small percentage of kids do not end up in one of their top-3 preferred schools.)
> My impression (from across the pond) is that the quality of public schools can vary quite a bit, because they're funded by local property taxes
Sort of.
Per Wikipedia:
The largest source of funding for elementary and secondary education comes from state government aid, followed by local contributions (primarily property taxes)
As a side note, my city passed a $70 million dollar bond to build a new elementary and middle school. The school is currently ranked in the bottom 5% in the state.
Also:
Schools in the United States spend an average of $16,993 per pupil, which is the 7th-highest amount per pupil (after adjusting to local currency values) among the 37 other developed nations in the Organisation for Economic Co-operation and Development (OECD)
Try again, plenty of people on here probably had varying experiences in public schools and came out just fine, and some are struggling, you'll find both here.
Went to public until 5th then private school through HS, all were dumpster fires in their own way. Just my .02, and while this was over a decade ago, I'm inclined to believe shitty and free is better than shitty and expensive. If your kids are even remotely motivated and smart, what they do outside school is 10,000x more important so might as well put the money towards that.
Where I grew up public schools were measurably worse than alternatives. Using objective metrics like average number of gang wars in a given year.
Since there's something like 100k public schools in the US, with very different performance and governments in charge, I don't think people here are really in a position to judge someone's parenting choices over the internets.
Also by the way, public universities run about 12k/year, so they may well have their children in public school.
Yeah you raise a good point, I was in a city with generally serviceable schools. Really, I just tend to get frustrated at the belief system that all public schools are awful and any good parent should send their kids to private school. Even when the public option is ok we can't have our kids hanging out with the prole kids.
This is still just one data point. Can you compare your public HS experience to your private HS experience? Can you compare public school A to public school B? Private A to private B?
A school being private doesn't magically make it great. It has to still work hard for that. A public school being good requires hard work too. But let's be honest, usually it boils down to parent involvement which is usually fueled by economic status. Rich(er) people have time and/or resources to actually be involved in their kids lives. They also tend to have fewer kids so more time/resources per kid. The initial thing a private school does these days is pool the rich(er) cohort of kids together.
I live in a part of my city known as the 'private school corridor' because there are so many. And, the public schools are notoriously horrible in the city's ISD. So, it's pretty much required if you have the means. The other alternative is to move to a suburb (different ISD), but even those are pretty easily seen as correlating good school districts with high home prices. Yet, I've seen studies in my area that say if everyone sent their private schooled kids to the public schools they would average out and be pretty well rated. But it's a first mover disadvantage to do so, so nobody does.
I also live in the south and this whole private school thing really started during integration, so there's that whole issue to contend with too. The impacts of red lining and white flight are pretty stark here. I don't think it's the motivating factor for most people any more, but inertia.
This is why our public schools have stats like "5% white" and "86% low income" on Great Schools. 5% white seems really low, the city is ~56% based on another google search.
My kids school called us in for a meeting. My son froze up on tests. They had a standardized test coming up, and they wanted to label my son as illiterate so that he could have someone with him while he took the test, they thought that would help him do better. To be clear my son could read just fine and he just froze up on tests. Both of my children were placed in private school that week. The sad thing is we were the super involved parents, donated a ton of time and supplies, coats/gloves/hats to the coat drives to make sure the kids didn't go without, etc. But I'll be damned if you are going to label and stigmatize my child because standardized test scores are your true priority.
The private schools priority was education. They had the normal tests on the subject matter taught, and may have been required to do the federal government standardized tests used to judge schools, but they did not focus on those tests results. They focused on education, not federal/state government standardized tests.
You pay for it with your taxes. It's a lifestyle choice if you want to send your kids to a private institution when public school is already covered.
I hope that doesn't come across as rude, because that's not my intention. But private school is not some necessity of life that you're forced to pay for -- definitely not "literally impossible" to survive without.
Technically yes, but depending on your location your public school system may be chronically under-funded, to the point where sending your kid to a public school would put them at a big disadvantage in high school or college (and so then for the rest of their life).
Yes, you could move, but as it turns out properties are more expensive in good school districts.
I'm a product of one of the shittiest public schools in my state. While I attended, they were forced by the state to convert to an "international baccalaureate" school because the alternative was closing.
I say that because yet, among my peers from that school, I count engineers, astrophysicists, doctors, IT workers, psychologists, pilots, and more.
So I would vigorously argue against the idea that students who attend underfunded public schools are at a disadvantage for life.
The biggest impact I noticed is home life and the involvement of parents. If you are a parent who cares and pushes your child, that is worth way more than the quality of the school as assigned by some ranking system.
Additionally, my exposure to a rough-and-tumble school with people of varying backgrounds (i.e., not a single socioeconomic stratum) gave me empathy and social skills that are extremely useful in everyday life.
I'm not saying your choices are wrong, but I strongly disagree with the premise that a less-than-ideal public school leads to lifelong negative consequences.
You’re setting up a false dichotomy. There’s no one input that’s responsible for 80% of a successful education.
School funding is obviously dominantly important up to a point (they need books, rooms, teachers, etc.).
Past that point, marginally more engaged and educated parents are worth much more than a marginal $X of funding per student per year.
I went through a public school with a tri-modal distribution (that almost perfectly mirrored our county’s tri-modal income distribution). A handful of people dropped out functionally illiterate, most people came out “just fine” and went to a local community college or state school, and a handful of people went to top tier universities paid for by pell grants, scholarships and PLUS loans.
The main variable correlated to which modality you fell into was a combination of the socioeconomic status of your parents, and how engaged they were in your education (i.e. not going through a divorce, not rich but working 100 hours per week, etc.).
A passionate teacher or extracurricular sponsor (drama teacher, athletics coach) might have temporarily filled-in for or amplified this normally parental role for a year or two with a similar effect, but only for a couple students at a time. They would usually target their efforts on kids on the cusp of a modality (failing but with a lot of potential shown elsewhere, or very smart but from a troubled home).
There’s a study on kids that just barely missed the cutoff to get into the #1 public school in NYC. Their post-HS outcomes were indistinguishable from those on the symmetrical other side of the divide. On either side of the divide, you had parents encouraging and pushing their kids just as hard. Interpret from that what you will.
Basically, the world isn’t black and white. It’s damned complicated. Public school is complicated. Anybody who claims a simple solution, especially tied to funding or teachers, deserves suspicion IMO.
Providing an example would surely help your case. US schools are currently removing gifted education (which costs nothing extra, just has higher standards) or because they found that spending more on non-gifted students didn't close the achievement gap.
> The biggest impact I noticed is home life and the involvement of parents. If you are a parent who cares and pushes your child, that is worth way more than the quality of the school as assigned by some ranking system.
Agreed.
My comment is from experience as well though. A lot of my classes in HS had to be slowed down to the slowest student (no child left behind I guess), but the better students were frequently bored. I'm glad I was lucky enough to be able to take advanced classes, but I still think one's school has an impact. Exposure to certain topics or classes can certainly impact a student's life (in my opinion). For instance, high schools with a compsci class, I'm sure will have more students becoming SWEs than high schools without.
One simple (and perhaps actionable) way to express this idea.
Say you're two parents who are very conscientious about wanting your child to have "good outcomes" in life (i.e. have a good schooling experience, go to a good college, have a good job).
It is better, for your kids, for the family to live in an environment in which you (the parents!) are living comfortably and with minimal stress, than it is to attend a top 50 high school, (assuming that means trading off against comfort & stress).
By comfort/stress, I mean to say: money isn't a weekly, monthly, or even quarterly issue, jobs are low-stress, and you have a lot of spare energy/time to invest in your kids after school, on the weekends, and in the summer/holidays.
There are plenty of schools in the top 500 or top 1000 in the US that are in geographies check these box for you, your spouse, and your family, that don't cost $1000/month/child.
You might not be min-maxing your retirement accounts by taking jobs that allow you to work in-person/remotely there, but the compounding dividends paid by investing in your family and community carries much more value.
I think there are "shitty" schools, and then there are _shitty_ schools.
A "shitty" public school is probably generally underfunded, but at least has the decent-enough quality of teachers/parents to lead the motivated kids to the right information. That way those kids can go on in their own time and study enough to make it to professional jobs in the real world, although most of these kids will never make it to top-tier colleges due to optics of their schools.
A _shitty_ public school lacks even generally-caring teachers, and often suffers net-negative because of the parents. Kids in these schools grow up ignorant of what to learn, much less how to learn it.
The poster you're responding to is the poster child for the helicopter parent that plans their child's life and then bribes school officials to get them into an ivy league school.
Little Johnny is better than the plebs around them who attend the public school in their district.
The funny part is that school teaches you to do things "by the book" and that, itself, has its own downsides.
> I'm a product of one of the shittiest public schools in my state. ... yet, among my peers from that school, I count engineers, astrophysicists, doctors, IT workers, psychologists, pilots, and more.
Are you serious? How did they manage to apply for and pay for the education needed to score those jobs?
A friend of mine was also a product of one of the shittiest public schools in her state, and she was apparently the only person in her grade to continue on to university.
US has public universities and college scholarships.
And, you know, students don't pay for college out of their own income from high paying jobs they got based on high school education.
public schooling and low-tier education were undoubtably the worst experiences of my life. the criminal behavior (hard drugs, regular violence) and resentment of the teachers are the closest thing to hell I have experienced. you got out lucky.
Those districts are very likely to have housing markets that include precious few "shitty apartments" and zoning that makes it impossible to build more of them. That's a fundamental fact of modern America.
I on the other hand went to public school and would send my children to one. Anecdotally, some of the most successful people I know went to public school, many of which had parents that could easily afford to send them to private school.
The way you say this implies that there's some easy way to move your kids from a bad public school to a good public school. This is of course laughably wrong, since moving schools requires buying a home in a nicer/more expensive area.
If you’re sending 3 kids to private school for $1000/month each, you could afford instead another $400k of mortgage or so on top of what your mortgage already is with todays interest rates.
That’s almost as much as the median home in America. So assuming you already live in the median home, you could send your kids to private school, or you could buy a house that’s twice as expensive.
Where I grew up, the median home is less than the national median, and the public schools are pretty good.
I think that's defeats the purpose of public school. As a society, we decided we need to collectively contribute to every child's education, regardless if they are own. I have no kids, but I pay my school taxes so that other people's children can have an education.
You would not pay those taxes if they were optional. Most wouldn't anyways. Most people live in a paycheck to paycheck world and would love to get a free pass on that tax bill.
"We" also have not really decided anything as a society but were born into the decisions of prior generations and it could be changed. See Roe v Wade, marijuana, etc.
The parent wasn’t disagreeing with the collective payment responsibility (and I don’t know where you got that), only with the public school model that gives no choice as to which schools the money is spent at.
Refund or voucher to the parent suffering it. Still not seeing how you went from that to “don’t you understand that non-parents should fund public schools?” The premise is that those hurt by it, parents, recover money to otherwise educate their kids. Nowhere in that was a claim that the childless should get money back for being childless, so I don’t see how addressing that is responsive.
No, they're hugely different. One of them accepts that the state should still be paying for education of children regardless of whether your personally have children -- just with better options than failed public schools. Which is why lectures about how "we should all be paying for kids' education" is very unresponsive. Which is why I said so. And have not yet gotten a substantive reply that addresses the criticism.
I must pay for socialized education regardless if I use the service. I might choose to not use this service because I lack children or I may choose a different provider. But this doesn’t mean I don’t have to pay my taxes if I don’t want to use a gov service.
What makes adults with kids special that they don’t have to pay this tax when they don’t want to use the service?
I'm struggling to think of a single public service that you can get a refund if you don't use it. Even private services like health insurance don't refund you money because you chose a provider outside your network.
No, they aren't. Perhaps you're having trouble telling the difference between people who don't understand your argument and people who disagree with it?
I fully support a public education but in the US, the school system is massively overloaded. We blame schools for everything and schools are all too eager to accept responsibility for anything and everything.
School athletics programs paying for huge multimillion dollar stadiums should not be possible. And on that topic, independent school districts should not exist. One state, one school district. https://en.wikipedia.org/wiki/Eagle_Stadium_(Allen,_Texas)
The purpose of a public school is the opportunity to educate children at little to no out of pocket cost. It has nothing to do with specifics of the tax system, or whether a voucher program exists.
Also, if you are American, voluntarily donating money without oversight to a local school has as much return as breast cancer awareness.
Sorry to hear, that sounds like a real struggle. Serious question: have you considered giving up one of those jobs and home-schooling your kids with the time gained? There were quite a few articles about how unreasonably effective real tutoring (as opposed to exam tutoring) is, it's made me wonder how practical it is for people who aren't independently wealthy.
Do you have a spouse? You might be worried about public school quality, but at some point it would be cheaper to just have the spouse stay at home and home school.
Except the stay at home spouse doesn't get any pension/social security benefits from this, plus it tanks their career with massive impact on future earnings.
Nope. You get the same social security benefits (50% of what the earning spouse would get at your age) after divorce if you were married for at least 10 years.
If you can snag a WFH job, you can homeschool after grade 5 pretty easily. School is half daycare and a lot of students doing work, and half foller topics you don't need to study.
and where you don't get paid and which doesn't give you any credit on your CV when you go to look for your next job and where you don't get any social security benefits.
Potentially OP could do it. But from the wording of the comment, it sounds like OP is the main earner in the household, so if they have a spouse then the net income opportunity cost from not working would be lower for the spouse.
As to why it's cheaper, that's a calculation they have to make. If the spouse's net income (looking at marginal tax rates) is greater than 3k a month, then it's not cheaper.
Not to pick on you but that attitude infuriates me and belittles teachers.
You seem to imply that “anyone” can be an effective teacher. That’s simply not true. Plus many children react much better to people outside the house. I was definitely that way. And my wife has many amazing qualities but she would make a horrendous teacher.
I mean, the teacher quality varies a lot, and the average teacher is unlikely to be smart enough to teach the child of a HN commenter optimally, so it's not hard to match their effectiveness.
Semi-related, but Equifax runs The Work Number, which is basically your "employment credit report / record"; they hoover up the data by agreements with employers that they will share employment info with them.
I highly recommend you do this, as any employer could just decide to look you up using this info and you wouldn't be notified at all (unlike, say, a hard pull on your credit in a regular credit report).
Are there any other sites like this for the other credit agencies? Are there other services that do something like this that aren't the big three credit agencies?
It doesn’t even have to be bluffing. Salary for a new position should be decided based on how much value you can bring to the position, and how much each party is willing to accept. Previous history is the most irrelevant part of the process.
If I started hunting for a new job now, I wouldn't take $current*1.05f, I'd go for $MARKET_RATE
That's the only number that really matters here when push comes to shove. It doesn't matter how good you are, no local companies are going to pay you $500k/year to act as an individual contributor in Idaho or Tokyo, because the market rate is ~$90k. On the plus side, if you get an offer for a principal FAANG engineer position in the SF Bay, you can negotiate up to $500ish even if your last job was paying $90k.
In the US at least, you have the right to freeze your credit report at any time. I've done it for the big 3 at least (Transunion, Equifax, Experian). It's all free (finally! it used to cost) and you can temporarily suspend the freeze to let someone run a check (e.g. applying for a new credit card).
> Equifax is now receiving records every pay period from 2.5 million companies. Information in the reports comes from employers and payroll processors.
But why do employers and payroll processors give any data to Equifax? I can understand that credit card issuers, and mortgage and auto lenders want to know the credit worthiness of people they'll give credit to, and those types of businesses are likely required to share their own customers' info if they want to participate. But what benefit does the typical employer get by talking with Equifax at all? And why wouldn't an employer demand that their payroll processor not share anything with Equifax? (Their executives and founders presumably want some privacy for themselves.)
I'm going out on a limb here and try to guess the reason: Is it because typical employees want their employer to share the info so they'll be seen as having income and therefore it's easier for them to get credit cards and mortgages and auto loans? And if this is the reason, how did this situation arise; did some employees petition their company to share info? Or did the company think it was doing a favor for its employees by giving them an employment history on Equifax?
Anyone who signs up gets a report showing how their companies compare to others as far as comp goes. So they get to know if they are underpaying or overpaying. They also can pull salary history for an individual who is applying for a job in places where that is legal.
But you have to submit your data to get access to everyone else's.
Because they are lazy. In return for giving up your employee’s payroll data, Equifax provides employment verification through their automated IVR, offloading HR from the task.
Do you have a source? Because companies generally care little for a tiny bit of extra cash like that. I assume the companies probably get paid in something, e.g. data as some other commenters suggested, rather than cash. While your comment suggests at least to mr that the payment is on cash.
Nah this is true. They don’t pay businesses directly but they’ll pay the software provider. The software provider will change their terms of service as innocuously as possible, get clients to acknowledge it. They’ll even add an opt-out option but few will exercise it.
How many businesses today actually run payroll 100% in-house? Almost none.
Garbage company that collects data about people who are definitively not their customers or users in any way, shape, or form and then loses that data because of the aforementioned garbage qualities.
It should have been liquidated and the proceeds split amongst the victims after that happened.
On the one hand I get where Equifax is coming from. I’ve had coworkers before with multiple full-time jobs and only a very few can pull it off without it seriously impacting their expected productivity. The answer to this in that specific case is firing I think because it’s just dishonest. Not only are you not putting in the time, you’re also not making an equivalent business impact.
The general answer is that people are doing this because they feel undervalued. Sure there are some who will try to bend or even break the rules always if they feel they can get away with it, but for those whose output is a multiplier above normal, why should they donate that productivity to an employer who won’t pay for it?
Equifax is a horrible company overall, and this kind of monitoring is wrong. Their reaction to the facts isn’t necessarily wrong, though.
The level of wrong we can ascribe to holding two jobs when you’re not allowed to is minute and individual. A giant, rent-seeking POS like EFX (who already has proven itself negligent in handling sensitive data) exploiting their data for purposes it’s not intended for is much more alarming and far reaching.
I think we can agree on Equifax being a giant, rent-seeking POS--that's the whole point of their business, right? But I think if a more reputable company were doing this we wouldn't be so outraged about it. I'm all for taking a free opportunity to bash a bad actor like Equifax (that's the price of a poor reputation, after all), but I don't think I actually disagree with their reaction to the findings here.
> The general answer is that people are doing this because they feel undervalued.
Merely feeling undervalued isn't enough to induce most people to work two full-time jobs. That's a brutal time commitment even for someone who isn't working very hard at either.
People usually do that because neither job pays well enough on its own.
Depends on the job. There’s a growing trend of people getting remote jobs then just hanging out in Slack/Zoom (camera off, never talking) collecting a check til they get fired.
In some cases they’ll outsource some work overseas.
How many of these people can there possibly be? Are there really that many jobs with such low visibility, low expectations that someone can get away with Just Not Working for more than a few days before it’s obvious?
For software development, I feel like being "overemployed" would be relatively easy as a mid-level or senior developer. Job #1 is your 'mainstay' job with decent pay/benefits (but requires more concentration), Job #2 would be the 'side' job that you could fulfill your responsibilities with minimal effort.
A full-stack dev with 7ish years of experience could easily create/maintain CRUD apps for a smaller company with minimal effort while focusing the rest of his efforts on a more challenging role at a larger company.
Somewhere out there is an unemployed person being rejected from jobs or not getting interviews because this service is providing an incomplete or erroneous employment history. It’s critical that services like this have a means of both easily identifying and rectifying errors.
2. Equifax offers the option to delete or freeze your data but what does that mean for future employers looking to validate your employment?
Employers that lean too heavily on this are going to reject candidates that deleted or froze their data.
Employment history verification is something the government is in a good position to provide.
>Step 2 • Log In
First-time Users: If you do not have a user ID or password, you can call our Client Service Center at 866-604-6570 to request a copy of the report.
Further down the page you linked. Ill be calling tomorrow to learn what fresh hell equifax has created. For me.
> Closest I see is being able view your report but first thing it asks for is an employer instead of asking for information for identifying an individual
Yeah, this was extremely frustrating. I'm trying to find my current and previous employer, and neither is even coming up on the search, so I can't verify my data.
>Somewhere out there is an unemployed person being rejected from jobs or not getting interviews because this service is providing an incomplete or erroneous employment history.
Relax, you can give them any employer you ever had, not just your current one. To get my record I put in a previous employer who doesn't even exist as a company anymore.
I looked up my data in this system. They show only 2 of my past 11 employers, and those two have incorrect data about my start and end dates, and how much I was paid. With this information being so inaccurate, I'm wondering if it's even worth my time to try to correct it. To be honest, I think I'd rather just not work for companies who would use this kind of service anyway.
Yeah TWN is referenced in the story, but it doesn’t sound like it’s being used to weed out multiple jobs. Mostly just used for government agencies and financial institutions doing credit checks.
Either employers haven’t caught on to that or the data it provides does not offer the required detail.
The company sells a product called Talent Report Employment Monitoring so other companies can keep tabs on potential moonlighting by their employees, too.
People say we don’t need unions when companies are forming groups to collude in the market against the interests of employees. If they can’t detect a performance drop due to working two jobs and have to spy like this, then why even care about it?
Because there are departments in every (larger than a certain size) company that need to justify their existence and keep their jobs. That's why we have tons of useless metrics for measuring performance instead of simply looking at the output.
>1. Is this legal in all jurisdictions an employee could conceivably be based in?
I don't see why not. To my knowledge employment information isn't protected by law, and presumably whoever provided equifax that information turned it in willingly.
It doesn’t matter. For this to matter it would require punishing the offenders, and since they are wealthy it’s not really an option in most western countries.
> CEO Mark Begor this week informed employees that some of their "teammates" were fired for having "a second full-time job while maintaining their full-time role at EFX," which is the ticker symbol for Equifax.
Don't punish people for being entrepreneurial, it's completely un-American. If you can't tell whether someone is producing adequate value or not without interrogating their finances, that's on you.
What a conniving snake of an asshole. Can we abolish Equifax? Anyone have a link to the opt-out?
what does someone who doxes the general public for chump change deserve? I wonder what skeletons Mark Begor has in his closet..
If you believe the article, they were able to tell whether someone was producing adequate value since they claim the investigation was into people that were not performing as expected. The data in question was one piece of the information.
I don't believe them. If they had low performers, Equifax could have let them go without the non-consentual financial rectal exam on the way out. The number of jobs is irrelevant, only performance should matter.
This is a political / marketing move, as they could have also done the inspection without publicizing it.
I was in car sales. Top performers were caught borrowing used cars for nights out, secretly loaning cars to favorite customers for long period of time, buying tradeins secretly off the books, crashing cars while basically driving recklessly while transporting company cars to customers or off-site facilities, and not fired.
Low performers were fired because they answered incoming calls poorly twice in a week.
So it IS possible top performers were allowed to have side gigs and not fired at Equifax.
This is an excuse. But, interestingly, it was an excuse for 2% of the people they investigated.
So apparently being a poor performer at Equifax, but NOT moonlighting, is not a fireable offense, since the other 98% weren't let go. Or they were, and this is just a propaganda piece in service to corporations (it is Business Insider after all). Either way, I feel, not exactly a great look for Equifax (like they have ever looked good), since either way it's still a waste of man hours spent to justify firing people they wanted to fire anyway.
There is a way to "freeze" your job data I believe - totally different from freezing your credit. No idea how far it reaches but I have considered it myself. Anybody know how to do it?
The fair credit reporting act (FCRA) does not care about 'reasons'. Every company I have dealt with trying to go down that road has found themselves in a rather nasty end. Chex Systems, "WeWork", even a dating site. If you record data and then present it to others as factual history, you have to abide by the FCRA.
It should prevent other companies from getting your data. It does not stop Equifax from looking at the data they’re hoovering up. It’s going to take a law (something like the CCPA/CPRA) to destroy their Work Number product (by creating controls so tight on worker employment and compensation info a business can’t aggregate and sell it profitably).
Call your state and federal legislative representatives.
(It does appear California residents might be able to have The Work Number delete their data: https://myprivacy.equifax.com/personal-info ; I’m not a California resident, so please report back if this works)
Edit: I qualified my first sentence because Equifax might just ignore your workplace data freeze and hand out your info anyway.
>It does prevent other companies from getting your data.
I'm guessing that's what people in this thread are looking for? Surely not everyone here asking how to freeze (or providing instructions on how they did it) works at Equifax.
Wish I was surprised that I can’t access it. Somehow I zoomed in enough on my phone to sort of see the images without it placing half of them off screen(!), and correctly picked the images I could barely see. Got the green check mark and all. Got an error that I didn’t complete the CAPTCHA, did it again and another green check mark, but now it won’t submit at all.
Isn't the whole thing of being classified a contractor that you are not bound to one employer? If you are bound then you are an employee.
How skewed is the system when all the bad things of being a contract worker applies but any of the benefits are taken away? This is getting ridiculous.
I think there should be a law preventing companies from restricting their employees from having second jobs.
As long as it doesn't affect their performance in their primary job and as they are not working at a direct competitor, it should be none of their stupid business (and should be illegal) to check for an employee's other jobs.
The issue is tech workers in most decent companies get a lot of leeway in terms of hours worked and how flexible things are because of the implicit agreement that whatever workable hours the employees have are dedicated to their org only.
If this assumption is made impractical im afraid companies will react by putting stricter measures like clock in and out times and crap like that.
At the same time, if an employee wants to work two jobs, all the power to them. Go get it buddy, screw the companies, you owe them nothing.
That's exactly the problem. No company should force workers to have only their job. If full time equates to 8 hours, I might well take another 8-hour job (of course that's very tiring and ineffective though) and work 16 hours a day. Would I personally? No. But should anyone who wants to do it be allowed? Yes.
Go further than that. The law should be about personal information. It really isn't anyone's business how much we make or who we're working for or with. Laws should be all about destroying this surveillance capitalism in general instead of pontual remedies like stopping some especific practice.
The law should make this data a liability. Companies like Equifax should not even want to have access to this data. It should cost them money every day to know this information. They should be trying to forget everything they know about us, not amassing even more data.
I think there are legitimate reasons why a business might need to restrict employees from having second jobs. However, if those circumstances apply, they should include it in the contract and it should impact salary negotiations.
For instance, if an employee is working from home at two jobs at once, and makes an invention which they introduce in both jobs, then both companies might rely on this 'trade secret' to protect market share (including suing people whos 'steal' it. Some engineers are employed to come up with inventions, and if a business can't rely on their output to create competitive advantage then they are not providing the service they were hired for.
Similarly, a sales rep working for 2 businesses, or working in procurement at a government customer and sales at a vendor, could create a very nasty corruption lawsuit.
Finally, some jobs are responsive - for instance a site engineer or some cyber security roles. A lot of sitting around punctuated by sudden urgent work. I know a guy who repairs offshore wind turbines and he plays xbox all day then occasionally jumps in a helicopter and rides to the rescue. It would be a great job to do alongside another role, but if they company has chosen to pay you to be present in between assignments then they are very much paying you not to do that instead of just having you on call at a cheaper rate. It would be legitimate for them to contractually require you to give them what they paid for, and enforce.
I think it comes down to, are you providing what you are actually being paid for - in the first case pristine inventions, in the final case literally your time.
The other side of this is - in engineering we are trusted to tell the employer how much work we are able to do in a period. At sprint planning I tell my team I can get these 3 tasks done this week and that goes unchallenged.
You could say that it is legitimate for employees to quote less than a full weeks work to their first job to leave room for some work from their second job, because if they aren't getting enough work done they will be fired.
Honestly that assumes a much more aggressive, KPI driven environment than most of us are lucky enough to work in. Would you like to work for a company where your productivity is measured according to some arbitrary KPI like "lines of code" or "supervisor assigned work volume points" or "team agreed scrum points"* and if you aren't in the top 2/3rds in a quarter you get fired? This is normal in sales but generally not in our comfy software roles. Be careful what you wish for.
* A lot of places do stack ranking but it is about getting rid of the negative outliers. Stack ranking to force average performance would be a lot worse.
Nice advertisement for a service other companies will now be begging to use. The more angry people are, the more eyeballs this will find. Equifax is a credit company. Individuals aren't their customers, instead our data is literally their product. They can't really be hurt by shaming. Are people going to boycott?
I wondered about this exact risk as I learned about the "overemployed" phenomenon. It feels like a matter of time before credit bureaus offer this as a service to the many corps that already pay them for credit checks. It's hard to be legitimately employed without a data trail these days.
>For a company like Equifax, this trends represents a potential business opportunity. The company sells a product called Talent Report Employment Monitoring so other companies can keep tabs on potential moonlighting by their employees, too.
"We expect our team to be fully dedicated to EFX and have one role …their job at EFX," Begor wrote in a recent company-wide email, a copy of which was obtained by Insider. "I am sure you are as disappointed as I am."
Tell me about it, man. I think you'd have to scrape the bottom of the barrel to find a hypothetical proverbial state + church configuration worse than what we've got today. Let's say, North Korea + Westboro Baptist Church, would be worse.
Pro tip: if you try to work in two places, and hide it from your employer(s), make sure neither of them is a company that actually collects personal information, including hiring information, from the whole nation you live in. If you do this, you are likely to have a bad time eventually.
The company I work for integrated with Equifax. I ended up in a meeting with their work number folks where I had to explain that there was no reason for us to share (e.g.) SSNs with them. Suffice it to say if your personal data is in any platform that tracks employment or income information that you are directly vulnerable in the event of a data breach.
Did they forget what contractors or freelancers mean?
If companies really want to go down this path then they will have to stop harassing employees who require reference letters or work experience letters as well without much fuss & also keep directors who are board members in other companies on a leash as well.
Is it in the contract that an employee can't take a second job? I know well reputed companies in the bay area has this term. My guess is that the intention of this term is to prevent conflict of interest and potential IP disputes.
This is just the kind of publicity that will have their customers call Equifax up and have them sift through their own payrolls to find employees to fire.
Yeah I think this article is just irony of how poor decisions have no impact on financal institutions, and they still are eating your cake. The sad part is not enough are wise enough to understand, and it is likely even less would care.
This is great publicity. It's Equifax talking about how their new product removed double-dipping employees. Don't you also want to find your distracted employees? For a modest fee to Equifax, you can too.
The difference between being understanding because rescheduling meetings because someone's family is sick vs they want to take a meeting for another job.
If they just got a second job I can fire them before their performance dips.
I suspect the reason we are hearing about this is that Equifax is about to start selling a new service: "How many jobs do your employees have?". Or maybe real-time alerting direct to HR.
The article calls out, multiple times, that the reason people were fired (all 24 of them, with another couple hundred contractors being flagged) were because they were moonlighting. It says nothing about their performance, except in the vaguest of terms ("weren't logged into the VPN enough" for instance), and the fact they were initially flagged to be investigated (presumably because of performance, but again, no details; certainly nothing to differentiate them from the 975+ that were investigated and not found to be moonlighting).
Which is an interesting admission on Equifax's part. An investigation of over 1000, including interviews and the like, literally thousands of man hours...to find 24 people who had jobs on the side, but whose performance wasn't poor enough to warrant being let go in and of itself.
The company that just acquired the one I was contracting for offered me an employment agreement that had a no-outwide-work clause. I put some writing in to get hat changed to be much more specific to only inckude things that either directly comoete with the company or actively interfere with my work.
I pulled my information from their service a while back. You can do the same.
It stated that in one calendar year, I made slightly less than minimum wage. It also stated that during high school I was working for a civil engineering firm on the opposite end of the country doing engineering work.
If an employer places any faith in that data, you probably don't want to work for them.
Equifax seems to have been given data for a specific purpose of their client and then used it for another internal purpose.
From a GDPR perspective this would probably be seen as a massive violation exposing Equifax to serious fines.
From a security certification perspective as this is now public knowledge and the company seems to be unrepentant Equifax clients can not claim their are entrusting their data to a company with proper security controls. Equifax should fail their next security certification audit for this.
Honestly the CC isn’t the problem, it’s mobile phone notification culture. One billion meaningless daily notifications, I just shut everything off. I had used a backwater credit card that I never touch to pay for parking and suddenly CC company was livid that I was delinquent. I rack up over $100 in late fees and lost 100 pts off my cred score. To resolve the issue I had to snail mail in a letter asking them to update the report with the credit score agencies.
Just such a carnival, regardless of how much you want to victim blame me
I don't think it's fair to call this victim blaming. You did indeed borrow money and fail to pay it back on time. That's exactly what the concept of a credit score is for.
We all make mistakes, but your score represents the balance of your track record. Is life complicated? Do you innocently forget to make a payment, and then pay back the fees? Do you miss notifications because your spam filter was overly aggressive? I understand all those things. But if that happens a lot maybe credit cards aren't usually the right tool for you. And if you insist otherwise but fail to make payments on time anyway and call yourself a victim of that system, that's exactly the kind of thing I want to know as a potential creditor.
That's different from credit reporting agencies losing your data through negligence, lacking transparency in the algorithm changes that affect people, doing unethical things with the data like was reported yesterday. Let's be clear that none of those things is what happened to you.
CCs are usually the safest option in the US. When it comes to loss or fraud, they beat the pants off debit cards, ATM cards, cash or checks in terms of limiting losses.
While at my doctor's office yesterday, I noticed a sign stating all new patients are required to give a credit card number and have it kept on file. I have done this for years because it was convenient for me, but I don't think it should be required.
You may be able to use a debit card but they'll need to be able to put a large hold on funds. I ran into this years back when I graduated college; I had a credit card, but it was secured, and the amount the rental car agency wanted to put on it, outside of the fees (the actual fees were being paid for by my place of employ as part of my relocation package) was too high to put on the card, and they refused to rent me anything. I still refuse to use that rental car company to this day.
That must have been very frustrating. I hope you ended up getting it sorted out at the time. I can only imagine what must have been doing through your head fresh out of college and relocating for a job. Glad you made it though, and you're right to stick by your guns. Relationships are everything in my community, most deals that can't happen with a handshake don't get far.
Nope. By happy coincidence, I ran into my brother-in-law at the airport as he was discovering this, and I have a credit card that I love collecting points on and just set to autopay.
At least you did something wrong. Mine dropped by 150-200 once when Experian decided to put someone else’s debt on my file. That person’s name has nothing in common with mine, so no idea how it got there. No free credit monitoring offered afterwards.
Unpopular opinion: I’m okay with this. I feel angry at those who lack integrity and work two full-time, salaried jobs.
At a previous job where we were all 100% remote, we dealt with an employee who did this. We caught him because his work quality was poor and he was unavailable for days at a time on Slack. It took a lot of time to investigate and justify the firing.
After being fired, he laughed with folks about how long he got away with his subterfuge. This job paid $100k+. IMO, his actions were criminal. He stole from the company.
I am usually EXTREMELY passionate about data privacy. My worry is that I don’t know for what purpose companies will use my data – that they will use it unfairly against me. Excepting errors, IMO, this is a fair use.
An employee having another job is basically none of the employers' business.
Of course, if an employee's being useless, perhaps warn / eventually fire them, irrespective to whether they have a second job, which again should be none of the employers' business.
It is really difficult to objectively evaluate performance. If nothing else, evaluators have their own inherent biases. Multiple paychecks is an objective measure. It helps determine whether a borderline employee just needs help and support or had chosen to underperform.
I believe companies have a duty to try to help struggling employees. The corollary is employee’s must do their best for their employer.
If an employee is doing a great job, they can have 50 simultaneous jobs. I don’t care.
> We caught him because his work quality was poor and he was unavailable for days at a time on Slack.
> It took a lot of time to investigate and justify the firing.
So you already knew the work was of poor quality. That's enough reason to let them go. Why do you need to investigate and justify it any further? You don't need to invade their privacy.
> I feel angry at those who lack integrity
I feel angry about a lot of stuff but employees exploiting corporations isn't one of them. I wouldn't do it myself because that's not how my father raised me to behave. I just don't really feel anything when others do it.
Do you think these companies have integrity, loyalty? They have an generally terrible reputation due to their long history of having neither. Do you seriously believe they're a victim here? I mean, we're in a thread discussing the overreach of surveillance capitalism that enables collusion to reduce wages. All this integrity talk is ridiculous in that light.
The fact is that employee just didn't work out for the company. A false positive in the interview process. That's always a risk when you work with other human beings. He didn't "steal" from the company.
We were a small company. They still do have a great deal of integrity and loyalty. A company is only the people operating it.
He absolutely stole from the company. He agreed to do his best for at least 40 hours a week. The company paid him for that.
Integrity means to do what you say you are going to do. Two wrongs don’t make a right. If he didn’t like the company, he could have quit.
Edit: To the theft part, I will also add that while that employee was “working” for the company, we were unable to hire someone else. So not only was he stealing from the company, he was stealing the opportunity from someone else.
> Why do you need to investigate and justify it any further?
In the case of my previous employer, we did not use the Equifax service. However, we did have to compile significant evidence of underperformance. Do not underestimate the difficulty of firing someone, even in the U.S.
Ok but you could've hired someone that was incompetent enough to do same shitty results while working full time in your company. In both cases they'd be fired for shit performance
There employment contract probably had outside activities restrictions that mandated other employment be approved by the company (these are, u fortunately, pretty common at big U.S. companies)
