Should we be regulated?

[AliceKlaar]

Let’s face it, most IT owners don't even do back ground checks on new employees....most owners are just happy to find someone who knows something about computers and will work for the salary they offer.

I know exactly who my staff are, due to their security clearance reports or from my own digging. I don't hire in random external contractors or one off specialists without checking their background. That's just common sense risk management. As it happens if we do need to hire in a temp it identifies an inhouse skills deficit that generates a need for appropriate training ie CPD.

Would a criminal record be a bar to membership of your new world order of IT Professionalism ? Should it? Here on Technibble we have a variety of peccadilloes eg. substance abuse, speeding citations, money laundering, DUI, GBH, animal cruelty, drugs trafficking, fraud, fake CV and my favorite.... international arms smuggler. They are all just regular techs trying to earn a honest living and move on with their lives.

I'm sure we've all heard about that one guy...or one shop that rips people off....and he still doing it....right?
...and I'm tired of hearing about elderly people getting charged for expensive repairs on old XP computers.

"Too bad" and also "Too bad" again. It's a buyers market where customers may go where they see fit. If they get ripped off, then they just had an expensive life lesson and should go elsewhere next time. If Jo user goes to a shop and asks how much to fix their PC, it is up to them to decide if the quoted $$$ is too much or not. Anyway, how much is too much? And who says so? Jewelers regularly work on 100-150% markup. A plumber may replace a 20c washer but will charge you $190 or whatever the market will bear. Are we not all doing "whatever" for the profit margin?

More reasons for licensing:

1. Licensing establishes a professional and ethical environment for both the consumer as well as employees.
2. Licensing makes us accountable for your action, getting rid of the bad guys for good.
3. Licensing raises the standards of the IT professionals, creating an even playing filed for fair competition.

1. Ethics: I've never been there, but the brochure looks nice. In a results orientated environment I find that people just want the job done and don't care or want to know how that is achieved. Also, if the poop hits the fan then they can blame their scumbag contractors. In my time within international financial services ethics went out the window if it affected the bottom line eg LIBOR
2. Accountability: I am already accountable for my business actions. Liability insurance is an additional safety net. It is too easy to use shell companies or multiple ID to beat the majority of checks.
3. Standard XYZ would become the minimum baseline standard, and still would not guarantee competency or quality of work. Jo public would have no idea what it meant, just like them certs I keep in dusty filing cabinet.

Apparently you need to pass a theory and practical test to have a licence to drive a car... Insurance too. That idea worked out okay

What I really don't understand is.., when a business is required by law to protect a clients information to the point that dozens for forms must be signed explaining why information is kept so private and that no one can have access to it......and then......they let some unknown friendly IT guy comes into that office and he or she is allowed to log onto the companies computer where everything about the company, the company's customers and employees is available to them....to do with as they please.....

....and no one knows that all their employees and customers names, addresses, SSI's numbers, credit cards information, Insurance information and medical history was just copied onto a thumb drive that day.

Been there, done that... exciting, but risky and sometimes it's the only way. You may have heard of the OPM or TalkTalk. They were both legally required to protect information. Both were hacked with massive data loss. No drive required.

On a personal note I would like to mention that I find it offensive that just because I am not signed up to their regulated club, some people would think I am not fit to be a tech and do not run my business properly.
As it happens, I'm dead good at what I do, so you can <insert appropriate expletive> your unregulated opinion.

 

[coffee]

I know exactly who my staff are, due to their security clearance reports or from my own digging. I don't hire in random external contractors or one off specialists without checking their background. That's just common sense risk management. As it happens if we do need to hire in a temp it identifies an inhouse skills deficit that generates a need for appropriate training ie CPD.

Would a criminal record be a bar to membership of your new world order of IT Professionalism ? Should it? Here on Technibble we have a variety of peccadilloes eg. substance abuse, speeding citations, money laundering, DUI, GBH, animal cruelty, drugs trafficking, fraud, fake CV and my favorite.... international arms smuggler. They are all just regular techs trying to earn a honest living and move on with their lives.



"Too bad" and also "Too bad" again. It's a buyers market where customers may go where they see fit. If they get ripped off, then they just had an expensive life lesson and should go elsewhere next time. If Jo user goes to a shop and asks how much to fix their PC, it is up to them to decide if the quoted $$$ is too much or not. Anyway, how much is too much? And who says so? Jewelers regularly work on 100-150% markup. A plumber may replace a 20c washer but will charge you $190 or whatever the market will bear. Are we not all doing "whatever" for the profit margin?

1. Ethics: I've never been there, but the brochure looks nice. In a results orientated environment I find that people just want the job done and don't care or want to know how that is achieved. Also, if the poop hits the fan then they can blame their scumbag contractors. In my time within international financial services ethics went out the window if it affected the bottom line eg LIBOR
2. Accountability: I am already accountable for my business actions. Liability insurance is an additional safety net. It is too easy to use shell companies or multiple ID to beat the majority of checks.
3. Standard XYZ would become the minimum baseline standard, and still would not guarantee competency or quality of work. Jo public would have no idea what it meant, just like them certs I keep in dusty filing cabinet.

Apparently you need to pass a theory and practical test to have a licence to drive a car... Insurance too. That idea worked out okay



Been there, done that... exciting, but risky and sometimes it's the only way. You may have heard of the OPM or TalkTalk. They were both legally required to protect information. Both were hacked with massive data loss. No drive required.

On a personal note I would like to mention that I find it offensive that just because I am not signed up to their regulated club, some people would think I am not a fit to be a tech and do not run my business properly.
As it happens, I'm dead good at what I do, so you can <insert appropriate expletive> your unregulated opinion.

Well done.

A grand example of licensing is the Medical Field. Now every doctor is required to have malpractice insurance. So much for "raising the bar" and such. Since the government got involved everything is now more expensive.

Licensing never works. I bet if I were a soldier in battle and I got shot I would not sit around waiting for a "Licensed Doctor".

 

[citizensmith]

Here on Technibble we have a variety of peccadilloes

 

[ohio_grad_06]

If they start regulating computer repair, I'm closing up. I'm only 34, will be 35 in a month or so, but if I've learned one thing, you usually do not want the government involved in these types of things. The computer repair business in my opinion is too competitive as it is, with less revenue available than what there used to be. The last thing you need is regulations to essentially tax business owners. With all those regulations will no doubt come some kind of costs and fees. No thanks.

Also, as far as the examples of people getting charged too much or this or that, you know what, I tell my clients a flat rate up front. You don't like the pricing , hit the road and and you don't have to come back. I don't have time for people to to quibble over pricing. Also, older systems with older OS's, hey not every tech these days may have tools for Windows XP etc. I rarely see Windows XP or Vista even, the world has moved on. Those that want to charge a premium might be justified. If your client knows your prices and cries about being charged too much, have the sense to refuse service. I just recently did work for a church that gave me sob stories to get out of a payment. Guess what, they're fired as a client, I don't do work with them anymore.

As far as HIPAA and all, I get it, and you may have a point, but ultimately that's up to the business owner(and IT person) to figure out, and face any penalties if their company/companies aren't doing things right. Personally I don't work with medical/dental offices etc so I don't have to worry about that.

On the point of being required to have so much experience, I don't agree. I see where you are coming from, but just having experience or a certification does not make you a good tech. I mean how many people do you know that have their A+ cert that you would not trust working on your computer? Myself, I never did get a certification like A+ etc. I have a 4 year degree in computers for like networking etc, but let's face it, my degree was basically a foot in the door for my first IT job. 99% of what I know about computers and networking is due to something breaking and having to figure out how to fix it, or on the job training.

So in my opinion, no way should they regulate us. Most folks here are small businesses trying to make it, I personally don't need any red tape or extra taxes/fees/costs due to regulation. In my opinion, the government gets enough money from me as is. In fact, I am of the opinion they should do away with the whole tax system and just have a flat tax on all purchases, but that's just me.

 

[cypress]

If they start regulating computer repair, I'm closing up. I'm only 34, will be 35 in a month or so, but if I've learned one thing, you usually do not want the government involved in these types of things. The computer repair business in my opinion is too competitive as it is, with less revenue available than what there used to be. The last thing you need is regulations to essentially tax business owners. With all those regulations will no doubt come some kind of costs and fees. No thanks.

Also, as far as the examples of people getting charged too much or this or that, you know what, I tell my clients a flat rate up front. You don't like the pricing , hit the road and and you don't have to come back. I don't have time for people to to quibble over pricing. Also, older systems with older OS's, hey not every tech these days may have tools for Windows XP etc. I rarely see Windows XP or Vista even, the world has moved on. Those that want to charge a premium might be justified. If your client knows your prices and cries about being charged too much, have the sense to refuse service. I just recently did work for a church that gave me sob stories to get out of a payment. Guess what, they're fired as a client, I don't do work with them anymore.

As far as HIPAA and all, I get it, and you may have a point, but ultimately that's up to the business owner(and IT person) to figure out, and face any penalties if their company/companies aren't doing things right. Personally I don't work with medical/dental offices etc so I don't have to worry about that.

On the point of being required to have so much experience, I don't agree. I see where you are coming from, but just having experience or a certification does not make you a good tech. I mean how many people do you know that have their A+ cert that you would not trust working on your computer? Myself, I never did get a certification like A+ etc. I have a 4 year degree in computers for like networking etc, but let's face it, my degree was basically a foot in the door for my first IT job. 99% of what I know about computers and networking is due to something breaking and having to figure out how to fix it, or on the job training.

So in my opinion, no way should they regulate us. Most folks here are small businesses trying to make it, I personally don't need any red tape or extra taxes/fees/costs due to regulation. In my opinion, the government gets enough money from me as is. In fact, I am of the opinion they should do away with the whole tax system and just have a flat tax on all purchases, but that's just me.

Probably one of the best posts you have made on this forum. I agree 1,000%

 

[ohio_grad_06]

So what was wrong with all the other posts??

Just kidding.

 

[freemancs]

Show me how this benefits the consumer or the business owner in some way and I will pay the fee gladly:
http://www.bear.ca.gov/licensing_info/register_faqs.shtml

Keep in mind, I don't consider having a place to complain about the company as a benefit. It doesn't appear that they have any legal authority to enforce things.

A choice quote:

6. Are there any examination, education, or experience requirements for a registration issued by BEAR?

No.

 

[cypress]

So what was wrong with all the other posts??

Just kidding.

LOL nothing at all actually. This one just spoke volumes.

 

[NYJimbo]

I'm sticking by what I posted earlier. We need some kind of control or regulation. Fear of "big government" doesn't mean we shouldn't have some governmental control. If we didn't have it, we would have 3rd world problems in a 1st world country. Laws exist because we need them. Laws are made by "government", which in this country is actually by the people. We need to regulate our business if we want it to improve. That's my feeling, take it or leave it, I'm not going to debate it .... I'm out...

 

[seedubya]

Government regulation without a demonstrable benefit to the public good that is directly derived from that regulation is just taxation. e.g. PSA here in Ireland.
Also bear in mind that the best designed regulations are of no benefit if they are not enforced e.g. public health - not enough inspectors.
Furthermore, it should be the case that this public good should not be achievable in some other, less onerous way.

Please note that I don't believe that the market is enough to regulate many activities - I agree with regulation in principle but not many of the current practices.

An example of regulation that work well is HIQA here in Ireland - they regulate public and private hospitals, nursing homes etc. and have been instrumental in exposing some awful practices, particularly in the private sector care of the aged, the physically disabled and the intellectually disabled in both the public and private sectors.

 

[citizensmith]

Would a criminal record be a bar ? Here on Technibble we have a variety of peccadilloes eg. substance abuse, speeding citations, money laundering, DUI, GBH, animal cruelty, drugs trafficking, fraud, fake CV and my favorite.... international arms smuggler..

 

[myleso]

I think some regulations are fine but I was a licensed building contractor in California for 20 years and I can assure you that having a similar type of license for computer repair will have zero effect on pizza techs, what it will do is increase the cost of doing business for legitimate computer repair businesses and make pizza techs even more appealing to customers. I saw it happen in the construction industry and I don't know why it would be any different for our computer businesses.

 

[vickie thivierge]

So....true!

I won't disagree with anyone on the reasons for or against licensing of this industry as It's never easy to professionalizing and industry. I've gone through this before and it was hell to get it done but the outcome has more than stopped the bleeding we were dealing with. The bleeding was caused by inexperienced, dishonest and non-professional people pretending they were the professionals. These people over-charged, misleading people about the work being done, charged customers for work that was never done, and caused consumers to engage in fraudulent situations for the financial benefit of the agents. Oh Yeah...., everyone saw the train-wreck coming but no one would do anything about it until it became catastrophic. The bleeding it cause reached it's peek as people lost jobs and homes because of this practice.

I'm not saying that this could happen here, I'm just saying it's never easy to justify regulating an industry. Had this industry started this process much earlier in the game, standardized and developed regulations, it may not have reached this point of mass destruction.

So....here is the way I see the licensing for this industry, it's more of a background and integrity issue and not as much of a technical requirement here. Classes would have to be completed on Business Ethic's as well as standardization of "Best Practices much like the other services type businesses. Establishing ethical business requirements, and procedures including background checks and....fingerprinting....oh yes....fingerprinting!

I guess my point is .....regulation is coming, either now or later. Doing it now before things get ugly gives us some controls over how this is done. Waiting until the train wreck happens simply tells the world that we are incapable of managing our industry and that's when the government will step in and do it for us.

 

[AliceKlaar]

Creating more "standards" is not the solution.
There are already many existing frameworks that can be applied eg ITIL IT Service Management, ISO 27001 Information Security Assurance, ISO 9001 Quality Management system, PRINCE Project Management for business processes. Gaining accreditation / certification for these is way over the top for the vast majority of Technibble members. ( it's just me. ) However, the bare bone template frameworks therein provide an indicative methodology for those wishing to adopt "Best Practice".
You do not need to implement or comply with every clause or sub para, if it does not apply to you or the way you operate then don't do it. You do not even need to apply for certification. If you choose to gain certification you may need to explain your reasoning to the Auditor (another hat).

@vickie thivierge : The provision of IT services at the Technibble level is nothing like the Financial Services environment
Fingerprints? What good what that do? I would quote the NRA but that would be off topic, so let's try...Remote Support. Put up a web site, some adwords. a bit of SEO and you are good to go, from literally anywhere. I like the Westin on Seven Mile.

 

[nlinecomputers]

Like regulation of the Financial Industry has really protected the public? In my life time the Savings and Loan industry went bust, Enron, Mortgage Crisis, and now the repeated attacks on credit card info (which is NOT an Information Technology problem if the owners don't spend the proper money to secure the networks.) October 2015 was last month. None of my credit/debit cards have the required chip in them yet. There is no certainty that regulation is coming. Again even with massive credit breaches IT insurance is still dirt cheap. If the insurance industry doesn't see a liability then HOW can regulation happen?

 

[AliceKlaar]

https://xkcd.com/927/

Like regulation of the Financial Industry has really protected the public? In my life time the Savings and Loan industry went bust, Enron, Mortgage Crisis, and now the repeated attacks on credit card info (which is NOT an Information Technology problem if the owners don't spend the proper money to secure the networks.)

Exactly !!!

If I spend or transfer € 10,000 in a single transaction then it gets flagged as possible money laundering at both banks. My business could shift €10,000,000 from CH to KY after a killing on the Toblerone Market and nobody cares. Who knows what the banks actually do until they foul up eg Lehman's, LIBOR, PPI, SubPrime Mortgage.
And they still write passwords in their diaries

I have previously worked for a Swiss bank as an IT tech, not as a Financial Services professional / advisor / weasel

 

[vickie thivierge]

Alice, excellent argument, however.....


Yes we have plenty of laws on the books but as with my last industry....there were standards, and laws but no agency to enforce them.

So this situation is a lot like telling a child that you are going to take away their favorite toy if they continue their bad behavior....and you don't follow through. What happens next is simple, the behavior continues. As in any playground there are good kids and bad kids. If the patients of the bad kids don't enforcing any standards the next thing you know these kids are joining gangs and robbing liquor stores or getting jobs at IT company to steal credit card information from their customers (Sorry, I had to toss that in).

And you said, "frameworks therein provide an indicative methodology for those wishing to adopt "Best Practice".

FOR THOSE " WISHING " TO ADOPT "BEST PRACTICES .......and there lies our problem. Not all IT companies wish to entertain "Best Practices." The Pizza tech isn't interested in best practices. The Micro Soft Tech Support guys aren't interested in Best Practices, the Big IT conglomerates in Florida who sell cut rate MSP and then hire the cheapest techs they can find across the country aren't interested in Best Practices. Not even the guys at the mall who fix cell phones are interested in Best Practices.... the bottom line; no one wants to be held accountable for doing substandard work.

And as for accreditation programs, unless the agency is making the consumers aware of the process and what it means the accreditation is worthless. Also, Bad companies can pay for accreditation just as easy as the good companies. And....I might add....if that bad company doesn't comply with the Best Practices policy of the accreditation course work......will that accreditation agency remove there accreditation? I think not.

And just like the financial industry....all those initials that were added on everyone's business cards after taking their "accreditation classes," (the MBA's and RMB's) didn't make a hella of beans of difference. These guy didn't change there evil ways, they simply used the accreditation to allure the unsuspecting consumer into thinking they were the good guys.

And Nline......, The only thing that has been regulated in the financial industry so far is the middlemen, the Banks are still running amuck. The reason for this is has to do with who's in the seat of power....and that's as far as I'm going with that issue. OH...and....everyone knows to never transfer or deposit 10K or more in any one transaction. You need to break it down into smaller transaction just under the 10K limit. Didn't you get the memo?

So let me end with the EMV credit cards issue. I know this has nothing to do with the topic, but Nline brought it up....so I'll comment.

The misconception is EMV card offers "consumer protection" and that is anything but truth. Those new cards are not designed to protect the consumers, as the banking industry would have you believe, but to create a situation where merchants will now share in the loss along with banking industry (and their insurance companies). Because the threat of stolen credit card numbers is a growing problem with no end in sight, the banking industry has conveniently created the EMV credit card and made it a requirement last month before merchants were able to purchase the readers ( I'm still waiting for mine). How convent that the start date happens at the beginning of the Holiday Season.

And for those who are not aware of what this all means, it means the merchant will now share in the loss if they received a bad card with the EMV chip and they don't have the EMV card reader. Of course those who will be effected the most are business who do transaction online and over the phone as you won't know if the card has an EMV chip.

And that my dear friends is how the banking industry is going to reduce their stolen credit card losses for 2016.

 

[AliceKlaar]

Why not settle for "Better Practice"?
Better means less errors, greater efficiency, more happy customer and ultimately more money.
As in everybody on Technibble has learned something from the variety of forum topics that makes them Better... be that toolkits, work procedure, paperwork, technical and business skills, managing customers... whatever. Actually being here shows an intent to be Better, to learn from others. That leaves room for Continuing Professional Development through hands-on doing the job or structured formal training, and absolutely everywhere in between.

Enforcement Ageny? Like LEO? Judicial system?
Good luck with that.
Even here on Technibble, a forum that aspires to Better, there are people who openly disregard some Laws because they feel that it should not apply to them or that Law is just plain "wrong" etc.
Laws only deter honest people.

ACBRO has a code of conduct that looks promising.

Ultimately, this regulation issue is not my problem, I'm not likely to have a US office. That's fine with me... the internet does not stop at the US border.


And now for EMV Chip & Pin...

EMV move to Chip & Pin in Europe.has reduced CC fraud where the card reader has been used. Of course your numbers may be skimmed, cloned and sent to areas outside of the chip & pin coverage eg Africa, Asia, USA (oops ) and in other transactions where cardholder not present, non chip readers, or manual counterfoil transactions can be made.
If a CC has a chip the onus is on the cardholder to protect the 4 or 6 digit PIN. Currently the card issuers blame the cardholder for disclosing or not securing the PIN appropriately if there are any "fraudulent" transactions. However,if you are victim of a compromised ATM ( fake front, skimmer and keypad camera) then you should be reimbursed. As you know, FS use fraud monitoring software to flag anomalous transactions. I should add that the banks / CC companies will pay out a settlement rather than disclose in court as to just why their Chip & Pin system is so secure.
So, if the PIN is used then the cardholder is responsible. If unable to use the PIN, then the retailer is entirely liable. Check signatures, driver's license any other cards in same name etc. I hear cash is still accepted. If you know the wrong people, you can rent @30% card readers with addons that will SMS your card details + PIN to a burner phone or anon SMS service eg http://hs3x.com/read-sms-17172198239.html

Some Friday Freaky Facts
How many chances to guess the PIN ?
You get 6 chances to guess the PIN, 3 on a reader and 3 at the ATM (Remember to smile for the camera). Some folks re-use the same PIN (some card issuers actually advise doing this so you don't forget it!)
How many 4 digit PINS are there ? 10,000
How many unique non re-using a digit? = 10*9*8*7 = 5040
Remove consecutive,corners, patterns ~ 40 = 5000
Best case of 4 cards per wallet identical PINs 6 guesses per card ~ 1: 200 chance.
Driver's license DOB? Birthdays 19xx ~20% of PINs

Solutions:
Remove the Mag Stripe support <- really, this.
Each card uses a different PIN

 

[HairesPCRepair]

Isn't the Government already in our lives enough? Don't they already regulate enough? Everything they touch they break, healthcare, public schools, the Country. The list goes on!!!