[victorkab]

It’s really a loss for consumers across the United States.

The reality is that a large part of the fintech sector still depends on the data provided by Equifax. Their data is also used for KYC and other security use cases.

We have started Truework (https://www.truework.com) to break that dependency and give consumers control of their data. If you’re interested to help us, please contact me by email.

[wl]

The Work Number collects payroll information from employers without informing employees that they turn around and sell that information to third parties. They mislead people by saying they don't release pay information without employee authorization while neglecting to mention they sell everything else without asking permission or giving notification.

It looks like you're doing similar kinds of data collection directly from employers. If an employee doesn't request income verification or any other service from you folks, do you collect any data on that employee?

[sizzle]

Can we force them not to collect this info via the recently passed CCPA in California?

[victorkab]

wl, you summarized pretty well how it works indeed :-). A lot of players in the industry hides behind long legal documents.

In our case we get employee information from your employer but it’s never shared to third-parties by default. We always go through the process of notification to the employee before releasing any data and, as an employee, you can refuse to share that data. The requester is in a holding pattern until you consent to data sharing.

Hope that helps

[gnu8]

Ultimately the purpose of your enterprise to help employers collude to suppress wages. Please shut it down and disappear. Otherwise I hope you die toiling in poverty.

[vageli]

> It’s really a loss for consumers across the United States.

> The reality is that a large part of the fintech sector still depends on the data provided by Equifax. Their data is also used for KYC and other security use cases.

> We have started Truework (https://www.truework.com) to break that dependency and give consumers control of their data. If you’re interested to help us, please contact me by email.

I would be curious to know more about how you give consumers control over their data. I took a look at your link but it is not clear to me.

[victorkab]

Hey Vageli,

Thanks for your question. I wish our website was clearer :), but we’re working on that!

When Truework gets a request for data on you from a third-party we send you a notification to know whether or not you want to share your data with that third-party.

If you refuse, we will not share that data. It’s different from the current model that our competitors use, which is to just share right away.

[vageli]

Thank you for taking the time to respond :)

That is an interesting model, it seems to me that Truework would position itself as an identity aggregator of sorts. In that case, it seems a large challenge would be gaining the trust of organizations (which it seems you are succeeding at, congratulations!).

Among my worries are that this establishes a rather large target for data breach as presumably the company would hold identity docs and other documents used for authentication or verification purposes. Out of curiosity, since my experience is more in banking/healthcare, is Truework subject to any regulatory framework?

[victorkab]

No problem!

Yes, earning trust is the most important piece. However, organizations are excited to participate once you show that you are the right security & privacy practices in place. We've had a lot of great momentum there.

For regulatory frameworks, it depends on the circumstances and the type of data that you are dealing with. For most of our use cases, it's:

* FCRA, aka Fair Credit Reporting Act that all Credit Reporting Agencies must follow.

* HIPAA, for health data

Of course, you have more generic frameworks such as CCPA, GDPR but that's true for all companies.

[jagged-chisel]

Once the 3rd party has a copy of the data, now they can freely share it with their 'partners and associated companies.' You're helping me, yes. But you're friction for a bank and I don't know how you could possibly stay in business for the long term in that position.

[beh]

Right — curious how this company is truly doing anything different than Equifax? You’re still aggregating sensitive personal information and selling it to verifiers. What’s the long term plan to actually make a difference?

[vageli]

To offer a counter, some organizations would rather introduce friction if it limits their liability or reduces risk.