FTC Should Probe Payroll Data Deals By Brokers Like Equifax, Rival Says (reuters.com) 13
The U.S. Federal Trade Commission should investigate how data brokers including Equifax and Experian have amassed payroll records about most Americans, a small rival urged in a letter to the agency on Monday that was seen by Reuters. From the report: For decades, companies such as Equifax have acquired employee work histories and compensation data from employers to help lenders, landlords, hiring managers and other customers perform background checks of individuals. But these big databases are vulnerable to theft and error, and workers are sometimes surprised their records are included, according to privacy activists. Equifax said it follows all laws and welcomes additional voices in the industry. In the letter to the FTC, San Mateo, California-based startup Certree said that Equifax and Experian are providing financial incentives like a slice of their revenue to employers to gain exclusive access to payroll data. Equifax also has deals with payroll software vendors that help employers process paychecks. The letter describes the agreements as anticompetitive and potentially unlawful.
no permission requested (Score:2, Informative)
Re: (Score:2)
And while I've gotten notices that info regarding my salary (well, every employee where I work, due to sunshine laws) has been requested several times by media and a union, I've never seen a request from a credit reporting company.
We're also looking at new payroll systems now, so sending this off to our CIO and CFOs. Probably won't change anything but knowing they are aware is always a good thing...
Re:no permission requested (Score:4)
I've always been of the option that if I don't have some kind of business arrangement with a company then they don't have any reason to have any data on me. Like wise, once that business arrangement is over there needs to be a legal sunset on how long they can keep that data.
Same as any data collected must be limited to what the company needs to do business with you. If I order a box of butt plugs from Amazon, they don't need to know my social security number and blood type.
Re:no permission requested (Score:4, Informative)
That is pretty much what the GDPR requires. But no such protection exists in the US.
Smug libertarian says... (Score:3)
I'll vote with my dollar and not buy anything from Equifax. The Free Market will adapt and replace Equifax with a better company. (yeah, right)
Re: (Score:3)
I'll vote with my dollar and not buy anything from Equifax. The Free Market will adapt and replace Equifax with a better company. (yeah, right)
I'm not quite sure if that was sarcasm, or if you're unaware that in the US there are only two credit reporting agencies that matter in the US -- Equifax and Experian -- and both are the same level of evil and incompetence. Both have been hacked and had our data leaked out. The cynic in me believes that was deliberate. The realist in me believes that was just incompetence.
Every time you need to buy something big on credit -- a car, a house -- the seller looks you up on one of those two.
Every time you're l
Re: (Score:2)
yes it was sarcasm. Allowing monopolies and duopolies is anti-competitive and anti-consumer. It benefits no one except the shareholders of the monopoly itself, not even the government seems to benefit from the current arrangement. Duopolies are especially problematic when there seems to be a substantial amount of coordination between these credit reporting agencies. The solution is of course to pry open the secrecy in a private company and mandate transparency and regulation on the scope of their business.
I
Ya think? (Score:4, Informative)
Own a car or motorcycle? Your state sells transaction details if you own, buy, sell or register a vehicle. This includes the VIN, your address, and your D/L number in some cases.
Own a home? Your county sells your transaction details when you buy/sell your home along with annual property tax records.
Rent an apartment? Your landlord sells information about your payments, your history of payments, and if you're a good tenant or not.
Use a debit or credit card? Don't get me started on all the transaction details that are scooped up. That information is then brokered by a lot
of organizations. Meanwhile where you buy things is collecting data about you and your family. [forbes.com]
Does the company you work for use a payroll service? Within their standard ToS, they sell your payroll history, salary details, etc.
We need a holistic solution to the wholesale invasion of our privacy. The constitution and courts aren't equipped with this benign "opt-in" strategy of conducting your daily life. It's also something the FTC is not equipped to deal with. What has to happen is that all of us stop voting for candidates who think it's ok for these intrusions, including those of the IRS in the name of "Drug Enforcement" to stop.
Re: (Score:2)
My county tax collector makes an API call to a traffic school to send you spam when you pay a ticket online.
Yes, really. I host my own mail and each thing I do business with gets its own email address - me-ticket@domain got spam before it got the receipt for my payment by about 3 seconds according to the headers.
ADP and Paychex are immediately suspect to me (Score:3)
ADP and Paychex are immediately suspect to me.
I don't think an internal payroll dept at a "normal" company I've worked at would fork this data over to credit agencies.
But some .. less-savory.. places IT places I've worked at (waves at one notoriously shitty MSP) used Paychex, where you outsource your payroll and HR when your company's too small / shitty to have internal resources.
Another used ADP.. and that one that used ADP wasn't small, nor shitty.. but was shady AF.
Can't speak to Ultipro or Lawson, two others in common use.. but they seem much less suspect than ADP and Paychex. Still, who knows, especially now that Ultimate got taken over by Kronos, and Kronos won the culture war.
So yes. I suspect the Big Payroll Processors are selling data to the credit rating people.
Most of my @bellsouth.net spam is likely Bellsouth sold me out. I've yet to have one single bit of spam come through other accounts I have. Same when I had @aol (don't judge, it was the dial-up 90's and I had to do a lot of travel back then, aol had dialups almost everywhere) I really suspect @aol had sold me out to every mailing list.
Why should ADP and Paychex be any different? If there's a buck to be made by selling my payroll data (as an indivdiual) to some super-insecure and scammy outfit like Equifax, they will do it.
theworknumber.com (Score:5, Informative)