Hacker News new | ask | show | jobs
by victorkab 2235 days ago
Hey Vageli,

Thanks for your question. I wish our website was clearer :), but we’re working on that!

When Truework gets a request for data on you from a third-party we send you a notification to know whether or not you want to share your data with that third-party.

If you refuse, we will not share that data. It’s different from the current model that our competitors use, which is to just share right away.
2 comments
vageli 2235 days ago
Thank you for taking the time to respond :)

That is an interesting model, it seems to me that Truework would position itself as an identity aggregator of sorts. In that case, it seems a large challenge would be gaining the trust of organizations (which it seems you are succeeding at, congratulations!).

Among my worries are that this establishes a rather large target for data breach as presumably the company would hold identity docs and other documents used for authentication or verification purposes. Out of curiosity, since my experience is more in banking/healthcare, is Truework subject to any regulatory framework?

link
victorkab 2235 days ago
No problem!

Yes, earning trust is the most important piece. However, organizations are excited to participate once you show that you are the right security & privacy practices in place. We've had a lot of great momentum there.

For regulatory frameworks, it depends on the circumstances and the type of data that you are dealing with. For most of our use cases, it's:

* FCRA, aka Fair Credit Reporting Act that all Credit Reporting Agencies must follow.

* HIPAA, for health data

Of course, you have more generic frameworks such as CCPA, GDPR but that's true for all companies.

link
jagged-chisel 2235 days ago
Once the 3rd party has a copy of the data, now they can freely share it with their 'partners and associated companies.' You're helping me, yes. But you're friction for a bank and I don't know how you could possibly stay in business for the long term in that position.
link
beh 2235 days ago
Right — curious how this company is truly doing anything different than Equifax? You’re still aggregating sensitive personal information and selling it to verifiers. What’s the long term plan to actually make a difference?
link
vageli 2235 days ago
To offer a counter, some organizations would rather introduce friction if it limits their liability or reduces risk.
link