Posted By CotoBlogzz 04-23-2010 09:00 PM
When clients ask us to suggest a cyber security plan, we start out with a number of questions, such as: Do you know about the $1,000 fence for the $1.00 horse? Who is the enemy? The answer usually leads us to the What and the Why of the final proposal. Turns out that some 70-90% of all security breaches are directly linked to insiders. These and other fact lead us to include a recommended best business hiring process, which includes a background check on potential employees, particularly those who may be chartered with guarding the aforementioned horse.
The aforementioned approach has serves us and our clients well for more than a couple of decades. However, in the new Which End is Up World, this may soon change: The Equal Employment Opportunity Commission (EEOC) has stepped up pressure on employers that reject applicants based on criminal records and credit scores.
In 2009, the EEOC accused Freeman, a convention and corporate events marketing company, of discriminating against minority males by routinely rejecting job applicants based on their criminal records and credit histories. According to the EEOC, the practice violated Title VII, because it had the effects of excluding minorities who have disproportionately higher conviction rates and lower credit scores than the general population.
In 2008, the EEOC filed similar casein the Western District of Michigan, this time alleging that the policy of excluding applicants with criminal records had a disparate impact on black people. If you read the tea leaves on who the EEOC called to testify and the prevailing political winds in Washington, it is more likely that the commission will take a harder stance on the issue of background checks, and we will need to retool our best cyber security practices. The challenge is to come up with an acceptable solution to the conundrum: If 70-90% of security breaches are an inside job, and you cannot exclude criminals from the job pool, what do you do?
Curiously, Linda Raede, chief judge of the Northern District of Iowa, ruled against the EEOC for its “sue first, ask questions later” approach in a sexual harassment lawsuit. Judge Raede, ordered the EEOC to cover $4.5 million in attorney fees and expenses the CRST Van Expedited, the defendant company had racked up before the judge dismissed the case.
The latter EEOC behavior is symptomatic of what we refer to as parasitic bureaucracies. Perhaps it is worth asking: Is the EEOC a parasitic bureaucracy, a zealot, or simply a necessary evil?