In the credit driven economy where debt is a strategy, organizations such as Equifax play an important role. The recent data breach has affected nearly half of the U.S. population. An organization of such influential magnitude affecting so many people must act with integrity and be held accountable. Some pundits are saying that organizations like Equifax as well as the whole credit bureau needs to be overhauled. Whether that solution might be to nationalize or reorganize the industry is up for debate, however, it is clear that some changes are needed.

Public Relations

Public relations communications provide context that keep employees and consumers in the know about where the company stands and the direction the company is going. Being so influential, this is one aspect of recovery that the company, as well as the industry, should include in their focus. Since the news broke about the hack, I have seen little in regard of company communications aside from a brief open letter written by the CEO. The company has been slow to respond to the breach and they have declined interviews. This organization and it's responsibilities, influence, and impact are huge in scope. We should be hearing regular updates from their leadership about company efforts to resolve the problem internally and how they are planning to resolve consumer sentiment in an industry where consumer sentiment is already low due to corruption and disregard for consumer rights. Regular public updates should be standard for the industry even when not in crisis mode. Equifax has extended a hand by providing support and credit protection services, although stipulations to protect the company at the expense of the consumer were also included. Furthermore, days after the breach and weeks before it was made public, insiders have been dumping company stocks, which only makes the company image look worse in an already dim public relations fiasco.

Staffing

Overwhelmed staffing has been noted as a concern, which is also common among IT departments. Despite the size of the organization, a recent study by the Center for Cyber Safety and Education has shown that North American IT departments are understaffed, particularly for Internet security. The report states that the combination of virtually non-existent unemployment, a shortage of workers, the expectation of high salaries, and employees who leave companies at rates that only increases among younger generations creates both a disincentive to invest in training and development and a conundrum for prospective employers. Media reports are also indicating that Equifax is overloaded with the public calling with issues and demands for resolution. This on top of a likely taxed IT department increases the chances of repeat issues. The solution lies in meeting the changing workforce with new hiring and recruitment, and professional development strategies, beginning with improved communication of expectations and expanding reach beyond traditional channels. The industry needs to adapt to new socio-economic demands.

Security policy

Security policy is related to the previous point and also adds another point in regards to technical application. The issue could have been prevented by patching the server applications that fixed the security hole. Questions arise as to why high risk patches could have been missed. Considering that Equifax has offices all around the world that interact with each other, the process involves securing and testing a multitude of servers around the world, which can be a timely process. While installing the patch is a complicated process, this cannot be an excuse for such sensitive data. A third party was employed to assess the damage. Perhaps new perspectives from a third party could have been utilized to help patch the affected servers as well. Aside from adding more staff to sustain operation, an updated company policy to monitor and verify that all security patches are installed should be adopted, and, if there is already a similar policy in place, there should be provisions that verify the facilitation of the process.

Transparency

Transparent communication ensures people are in the know about what is happening. Considering that we the public as consumers are not their customers, but more so their product, we don't have as much power to influence the outcome with our wallets as we would with consumer goods, for example. The data is a financial life story, so to speak, of citizen consumers. There might also be other components in the data not related to finances. The immense influence and sensitivity of the data ought to mean less secrecy about what the data contains and how it is handled. The public needs to be in the know so that we can correct any issues. It's up to the public to demand accountability otherwise we are taken advantage of by these powerful entities that are meant to provide service.

People are often worried about the big brother government yet private and public corporations are also participating in much of the same behavior for profit motives. Handling data comprised from tracking consumers is an interesting emerging debate involving data dominant companies such as Google and Facebook along with Equifax and other data brokers. Does the data belong to them? Since it is our actions and behaviors that make the data, does it belong to us as well?

Similar situations are brewing for social media sites such as Facebook. All of their data is made possible by all of us participating through the sharing of our thoughts, photos, life events, etc. Facebook then sells the data as advertising profiles, intelligence reports, and who knows what else. Does the Facebook data also belong to us? Do we get a say in what happens to the data? Should we all receive a share of the profits these companies generate from our lives?

These questions are important to consider in a civil and just society. We need to address these issues in order to improve our society.