employment – Page 2 – Bredemarket

That’s Not Your Job

(Imagen 4)

If you are a jobseeker on LinkedIn, you have probably seen people claim to be recruiters from well-known companies, when in truth they are nothing of the kind.

Faking your employer has existed for a long time. Just ask the Delaware State Police, who for some reason isn’t keen on people who impersonate police officers.

“[A] 23-year-old man from Laurel, Delaware…reported that he had been driving eastbound on Nine Foot Road, east of Laurel Road, when a white Dodge Magnum with Arizona registration pulled behind him and activated flashing red and blue lights. As the victim began to pull over, the Dodge passed him and continued driving.”

Because Arizona police officers patrol Delaware all the time.

The 23 year old was rightfully concerned, called 911, reported the incident, and described the vehicle. But that wasn’t the end of it.

“Shortly after, the driver of the Dodge pulled up next to the victim and verbally confronted him. The victim did not engage, and the suspect eventually fled the scene.”

After an investigation, the Delaware State Police arrested Blayden Rose of Selbyville, Delaware, for impersonating a police officer.

The real Blayden Rose, courtesy the Delaware State Police. The police like to take pictures of special people.

Rose may or may not be a handyman, and his connection to Arizona is unknown. But at least in Delaware, flashing lights are generally prohibited on non-emergency vehicles.

Not sure if Rose can get off on a technicality (“I wasn’t claiming to be a cop, I was just doing a strobe show”), but it reminds us that we have to trust, but verify.

The One PII/PHI Data Point No One is Discussing

In a February 2024 discussion of the differences and similarities between personally identifiable information (PII) and protected health information (PHI), I published an exhaustive list of types of PII, some of which are also PHI.

Social Security Number.
Passport number.
Driver’s license number.
Taxpayer identification number.
Patient identification number.
Financial account number.
Credit card number.
Personal address.
Personal telephone number.
Photographic image of a face.
X-rays.
Fingerprints.
Retina scan.
Voice signature.
Facial geometry.
Date of birth.
Place of birth.
Race.
Religion.
Geographical indicators.
Employment information.
Medical information.
Education information.
Financial information.

Looks complete to you, doesn’t it? Well, it isn’t. To, um, identify the missing bit of information that is both PII and PHI, take a look at this LinkedIn post from Jack Appleby. (Thanks to packaging expert Mark Wilson for bringing this post to my attention.)

“A dream brand just sent me a gift package & invite… but they broke the two most important rules of influencer gifting…

“The package was a ridiculously cool collab hoodie + an invite to an event I’ve wanted to go to since I was just a little kid… but the hoodie is a medium… and I’m an XL… and my name was spelled wrong on the invitation.”

And no, I’m not talking about Jack Appleby’s name.

I’M TALKING ABOUT HIS HOODIE SIZE.

And yes, hoodie size in combination with other information is both PII (personally identifiable information) and PHI (protected health information). If your hoodie size is XXL, but your height is only 5’1”…that has some health implications.

Yet at the same time it’s also vital business information. It’s collected from prospects and new employees at trade shows and during employee onboarding. And as Appleby’s example shows, there are potentially severe consequences if you get it wrong.

But does your favorite compliance framework include specific and explicit clauses addressing hoodie size? I bet it doesn’t. And that could be a huge privacy hole.

(The hoodie in my selfie is from my 2022-2023 employer. And yes I still wear it. But I got rid of my IDEMIA, MorphoTrak, Motorola, and Printrak attire.)

Know Your Teacher

Another KYx acronym from the educational identity realm: Know Your Teacher. A South Carolina school district didn’t:

“On Thursday, the Laurens County School District 55 Superintendent Jody Penland announced a teacher at Waterloo Elementary will “no longer serve” as a teacher at the school.”

Why? Because she wasn’t who she said she was.

“School officials discovered Bryia Lattimore Scott of Simpsonville was impersonating Viola Church in order to gain employment at Waterloo Elementary.”

Scott was arrested, and bond was set at $5,000.

Know Your Recruiter “Kristen”

(4/14/2025 Fixed a typo. It’s KORN Ferry, not KORAN Ferry.)

Maybe it’s me, but I’m wondering if Kristen really works for SourceOwls. I know she has 980 followers and all, but yet…

I’d post the link to Kristen’s profile, but it would probably be gone by the time you read this.

Anyway, she sent me an InMail, and I responded.

I got my answer.

Seriously, LinkedIn is filled with people who falsely claim that they work for SourceOwls, Korn Ferry, Kelly…even Amazon. And a verified profile doesn’t offer protection, because a verified profile only confirms identity—not employment.

Know your recruiter.

Training the Bot (who was smarter than I thought)

Perhaps I was a little agitated or excited this afternoon.

Perhaps I was a little agitated because five (or maybe more; I lost count) scammers had sent me LinkedIn DMs when they gravitated to my #opentowork LinkedIn banner…like flies speeding to a carcass. (Which gave me an excuse to write about identity management on LinkedIn.)

Or perhaps I was a little excited because a Never Search Alone participant had shared an identity management product marketing position with me.

The bot says hello

After applying for said job, I was reading the company’s website to learn about its identity management product when the company’s bot kept on messaging me.

At 2:30 pm Chat Bot says: Hello, this is an AI Rep from [COMPANY]. If you need any assistance, feel free to ask.

At 2:30 pm Chat Bot says: Saw that you’re interested in our SaaS management and identity governance software. Any questions?

Being the curious type (after all, I worked for IDEMIA), I wondered how the chat bot would deal with what I REALLY wanted to ask about.

Not about a demo.
Not about the company’s recent funding round. (Series B, $35 million.)
Not about how they want to save the badgers or whatever.
But about my just-completed job application.

At 2:47 pm I say: With 30 years’ identity experience and 9 years as a PMM, I just applied for your Sr PMM Identity Management role. So the only question that I have is when you will interview me.

Yes, 30 years. Not “over 29” years. See my prior post.

And yes, my assumption that the company would immediately drop everything and interview me may have been a little overconfident. But it’s better than imposter syndrome.

And after all, this was just a bot. I assumed that the bot would be completely confused by my question, so no harm would come from overconfidence.

You know what they say about people who assume?

The bot exceeds expectations

At 2:47 pm Chat Bot says: Thanks for applying for the Sr PMM Identity Management role! Could you provide your email address so we can follow up on your application status?

One note here: the bot parroted my response back to me. The company’s job description does not include a job title with the “PMM” acronym.

Regardless, I was pleasantly surprised. The bot was trained to respond to job applicants. So I provided the email address that I used for my job application.

The bot does not meet expectations

That’s when I was UNPLEASANTLY surprised.

At 2:47 pm Chat Bot says: Thank you for your interest. Please provide a business email address so we can follow up on your application status.

Apparently the training wasn’t thorough enough. Think about it; if you’re an individual applying for a job, why would you apply with a “business email address”? Which one? From your current employer? THAT is not a good idea.

But as it turns out, I DO have a business email address-the one for Bredemarket. So I entered that, even though that email address does not appear anywhere on the job application that I had just submitted.

At 2:47 pm Chat Bot says: Thank you for providing your email. Our team will review the conversation and follow up if necessary. How else can I assist you today?

So it will be interesting to see whether the company contacts me at both of my email addresses.

(Post image generated at craiyon.com)

Postscript for those who don’t click on every link in a Bredemarket post

You missed Brian May’s collaboration with the Weebl folks.

From https://www.youtube.com/watch?v=EllYgcWmcAY.

This resonated with me because in mid-September I spent some Instagram time thinking about the word “flash” (as in how fast a human can create content).

View this post on Instagram

Know Your Recruiter

KYR = Know Your Recruiter.

My two most popular LinkedIn posts over the last two weeks discussed scammy SMS texts I received from people who claimed to work for Randstad and Indeed but clearly did NOT.

THIS post clearly won’t garner tens of thousands of impressions, but it’s much more important: how do you differentiate a real recruiter from a fake one?

The easiest test—which all the fake recruiters fail—is to ask the recruiter to provide their corporate email address. But even that can backfire when the fake provides an email from an ALMOST good domain such as endeede.com and hopes the mark doesn’t notice the difference.

There are other tests, but my “biometric product marketing expert” preferred tests such as comparing a live PAD#-tested selfie against a driver’s license don’t prove anything. Sure, such methods can prove that Anna Morgan is Anna Morgan, but they don’t prove her profession per se (fractional talent acquisition leader / recruiter / career coach).

So for now the best KYR tactic is to ask for a corporate email address. Definitely don’t take the recruiting conversation to Telegram.

# PAD = presentation attack detection. A presentation attack is when you substitute a fake face (or another fake, such as a fake driver’s license) for a real one.

AI image by Microsoft Copilot because Google Gemini still won’t draw people.

Personally Protected: PII vs. PHI

(Part of the biometric product marketing expert series)

Before you can fully understand the difference between personally identifiable information (PII) and protected health information (PHI), you need to understand the difference between biometrics and…biometrics. (You know sometimes words have two meanings.)

The definitions of biometrics

To address the difference between biometrics and biometrics, I’ll refer to something I wrote over two years ago, in late 2021. In that post, I quoted two paragraphs from the International Biometric Society that illustrated the difference.

From https://www.biometricsociety.org/about/what-is-biometry.

Since the IBS has altered these paragraphs in the intervening years, I will quote from the latest version.

The terms “Biometrics” and “Biometry” have been used since early in the 20th century to refer to the field of development of statistical and mathematical methods applicable to data analysis problems in the biological sciences.

Statistical methods for the analysis of data from agricultural field experiments to compare the yields of different varieties of wheat, for the analysis of data from human clinical trials evaluating the relative effectiveness of competing therapies for disease, or for the analysis of data from environmental studies on the effects of air or water pollution on the appearance of human disease in a region or country are all examples of problems that would fall under the umbrella of “Biometrics” as the term has been historically used….

The term “Biometrics” has also been used to refer to the field of technology devoted to the identification of individuals using biological traits, such as those based on retinal or iris scanning, fingerprints, or face recognition. Neither the journal “Biometrics” nor the International Biometric Society is engaged in research, marketing, or reporting related to this technology. Likewise, the editors and staff of the journal are not knowledgeable in this area.
From https://www.biometricsociety.org/about/what-is-biometry.

In brief, what I call “broad biometrics” refers to analyzing biological sciences data, ranging from crop yields to heart rates. Contrast this with what I call “narrow biometrics,” which (usually) refers only to human beings, and only to those characteristics that identify human beings, such as the ridges on a fingerprint.

The definition of “personally identifiable information” (PII)

Now let’s examine an issue related to narrow biometrics (and other things), personally identifiable information, or PII. (It’s also represented as personal identifiable information by some.) I’ll use a definition provided by the U.S. National Institute of Standards and Technology, or NIST.

Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
From https://csrc.nist.gov/glossary/term/PII.

Note the key words “alone or when combined.” The ten numbers “909 867 5309” are not sufficient to identify an individual alone, but can identify someone when combined with information from another source, such as a telephone book.

Yes, a telephone book. Deal with it.

By © 2010 by Tomasz Sienicki [user: tsca, mail: tomasz.sienicki at gmail.com] – Photograph by Tomasz Sienicki (Own work)Image intentionally scaled down., CC BY 3.0, https://commons.wikimedia.org/w/index.php?curid=10330603

What types of information can be combined to identify a person? The U.S. Department of Defense’s Privacy, Civil Liberties, and Freedom of Information Directorate provides multifarious examples of PII, including:

Social Security Number.
Passport number.
Driver’s license number.
Taxpayer identification number.
Patient identification number.
Financial account number.
Credit card number.
Personal address.
Personal telephone number.
Photographic image of a face.
X-rays.
Fingerprints.
Retina scan.
Voice signature.
Facial geometry.
Date of birth.
Place of birth.
Race.
Religion.
Geographical indicators.
Employment information.
Medical information.
Education information.
Financial information.

Now you may ask yourself, “How can I identify someone by a non-unique birthdate? A lot of people were born on the same day!”

But the combination of information is powerful, as researchers discovered in a 2015 study cited by the New York Times.

In the study, titled “Unique in the Shopping Mall: On the Reidentifiability of Credit Card Metadata,” a group of data scientists analyzed credit card transactions made by 1.1 million people in 10,000 stores over a three-month period. The data set contained details including the date of each transaction, amount charged and name of the store.

Although the information had been “anonymized” by removing personal details like names and account numbers, the uniqueness of people’s behavior made it easy to single them out.

In fact, knowing just four random pieces of information was enough to reidentify 90 percent of the shoppers as unique individuals and to uncover their records, researchers calculated. And that uniqueness of behavior — or “unicity,” as the researchers termed it — combined with publicly available information, like Instagram or Twitter posts, could make it possible to reidentify people’s records by name.
From https://archive.nytimes.com/bits.blogs.nytimes.com/2015/01/29/with-a-few-bits-of-data-researchers-identify-anonymous-people/.

So much for anonymization. And privacy.

Now biometrics only form part of the multifarious list of data cited above, but clearly biometric data can be combined with other data to identify someone. An easy example is taking security camera footage of the face of a person walking into a store, and combining that data with the same face taken from a database of driver’s license holders. In some jurisdictions, some entities are legally permitted to combine this data, while others are legally prohibited from doing so. (A few do it anyway. But I digress.)

Because narrow biometric data used for identification, such as fingerprint ridges, can be combined with other data to personally identify an individual, organizations that process biometric data must undertake strict safeguards to protect that data. If personally identifiable information (PII) is not adequately guarded, people could be subject to fraud and other harms.

The definition of “protected health information” (PHI)

In this case, I’ll refer to information published by the U.S. Department of Health and Human Services.

Protected Health Information. The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”¹²

“Individually identifiable health information” is information, including demographic data, that relates to:

the individual’s past, present or future physical or mental health or condition,

the provision of health care to the individual, or

the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.¹³ Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.
From https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

Now there’s obviously an overlap between personally identifiable information (PII) and protected health information (PHI). For example, names, dates of birth, and Social Security Numbers fall into both categories. But I want to highlight two things are are explicitly mentioned as PHI that aren’t usually cited as PII.

Physical or mental health data. This could include information that a medical professional captures from a patient, including biometric (broad biometric) information such as heart rate or blood pressure.
Health care provided to an individual. This not only includes written information such as prescriptions, but oral information (“take two aspirin and call my chatbot in the morning”). Yes, chatbot. Deal with it. Dr. Marcus Welby and his staff retired a long time ago.

Robert Young (“Marcus Welby”) and Jane Wyatt (“Margaret Anderson” on a different show). By ABC TelevisionUploaded by We hope at en.wikipedia – eBay itemphoto informationTransferred from en.wikipedia by SreeBot, Public Domain, https://commons.wikimedia.org/w/index.php?curid=16472486

Because broad biometric data used for analysis, such as heart rates, can be combined with other data to personally identify an individual, organizations that process biometric data must undertake strict safeguards to protect that data. If protected health information (PHI) is not adequately guarded, people could be subject to fraud and other harms.

Simple, isn’t it?

Actually, the parallels between identity/biometrics and healthcare have fascinated me for decades, since the dedicated hardware to capture identity/biometric data is often similar to the dedicated hardware to capture health data. And now that we’re moving away from dedicated hardware to multi-purpose hardware such as smartphones, the parallels are even more fascinating.

How livescan fingerprinting enrollment service providers win business

One of the tasks that I used to perform as an employee of IDEMIA was to track the state-by-state status of livescan fingerprinting enrollment services. And I soon discovered that enrollment services differed substantially from IDEMIA’s other major product lines.

This post describes the nuances in livescan fingerprinting enrollment services, the many players that are involved, the livescan technology, and (most importantly) how enrollment service providers win business.

Why enrollment services differ from driver’s license and AFIS services

At IDEMIA, I tracked the company’s presence in three major product lines (and a slew of others). And IDEMIA’s presence in each market differed depending upon the nuances of the markets.

For IDEMIA’s driver’s license services, there was only one provider for each state. Let’s face it, you can’t have two agencies issuing state driver’s licenses. (Although I guess this would satisfy someone’s libertarian fantasy.)
For IDEMIA’s automated fingerprint identification systems (AFIS), there was only one provider of law enforcement AFIS in each state. However, there were other statewide fingerprinting systems back in the days when fingerprints were used for welfare benefits, and a number of county and city law enforcement agencies had their own AFIS systems.
But for IDEMIA’s enrollment services, there could potentially be dozens or hundreds of small businesses that provided the service. All of this depended upon how the state authorized enrollment. In some states, only one private entity could provide enrollment services, while in some other states multiple private entities could do so.

Why we have enrollment services

So what are “enrollment services”? I’ll defer to my former employer IDEMIA and use the description from its IdentoGO website.

IdentoGO by IDEMIA provides a wide range of identity-related services with our primary service being the secure capture and transmission of electronic fingerprints for employment, certification, licensing and other verification purposes – in professional and convenient locations.

Of course IdentoGO isn’t the only “channeler” in town. A number of these small businesses that provide enrollment services are allied with Certifix Livescan, others with Thales (Gemalto), others with Fieldprint, others with Biometrics4All, and others with many other FBI-approved channelers.

And in some cases, you can go to your local police agency and have the police capture your fingerprints for enrollment purposes.

The Ripon (California) Police Department provides LiveScan fingerprinting service to the public. https://riponpd.org/?page_id=1226

The channelers, and the hundreds upon hundreds of local businesses that are supported by them, handle some or all of a variety of fingerprint verification tasks, including (depending upon the individual state or Federal regulations) banking, education, firearm permits, health care, insurance, legal services, real estate, social services, state employment, transportation, and many others.

The basic theory is that if you are, for example, applying for a banking position, your fingerprints are searched against the FBI’s fingerprint database to make sure you don’t have a prior fraud conviction.
Or if you’re applying for an education position, you weren’t previously convicted of committing a crime at a school or with children.
Or if you’re applying for a transportation position, those multiple drunk driving convictions may cause a problem.

You get the idea.

Who are the end enrollment service providers?

So who are these small business owners who offer these livescan fingerprinting enrollment services?

In most cases, enrollment services are an add-on to a small firm’s existing business.

Maybe the business is a travel agency, and it offers fingerprinting along with other travel-related services (such as passport photos).
Maybe the business is a tax preparation service.
Maybe it’s an insurance agency.

So the business buys or leases a desktop livescan station, aligns with one of the major channelers, gets the necessary state approvals (in California, from the Office of the Attorney General), and waits for the applicants to…well, apply.

Livescan fingerprint capture isn’t idiot-proof, but if I can do it, you probably can also

“But wait,” you may say. “Isn’t the capture of fingerprints a specialized process requiring substantial forensic knowledge?”

She’s not a CSI, but she played one on TV. By Source, Fair use, https://en.wikipedia.org/w/index.php?curid=17752707

While you do need to take care to capture fingerprints correctly, livescan systems have dramatically improved in quality, allowing a travel agent or insurance agent to capture high-quality prints.

(I’ll let you in on a little secret: even the law enforcement officers who capture livescan prints from criminals don’t necessarily have years of experience in fingerprint capture.)

As someone who has worked with livescan systems since the mid 1990s, I can attest to the dramatic improvements in livescan technology. I wasn’t around in the early 1990s when Printrak and Digital Biometrics partnered to provide an AFIS-compatible livescan, but I was certainly around when Printrak introduced its own livescan, the LiveScan Station 2000 (LSS 2000), that competed with Digital Biometrics, Identix, and other livescan providers. (Today, former competitors Digital Biometrics, Identix, and Printrak are all part of a single company, IDEMIA.) The LSS 2000 used a Printrak-manufactured capture device attached to a computer running Digital UNIX.

By the time I became a product manager (not for livescans, but for AFIS servers), Motorola introduced two new livescan devices, the LiveScan Station 3000U and the LiveScan Station 3000N. (The “U” stood for Unix, the “N” for the Windows NT family.) The capture device for these two workstations was manufactured by Heimann Biometric Systems, which through a series of subsequent mergers is now part of HID Global.

When you’re an employee of a fingerprinting company, you’re often asked to participate in fingerprint scanner tests. (At least you were in the days before GDPR and CCPA.) So the livescan engineers decided to compare the capture quality of the LSS 2000, the LSS 3000U, and the LSS 3000N. I joined several others in participating in the scanner tests.

But I ran into a problem.

At the time that I participated in this scanner test, I had been working with paper for about two decades, and as a result of this and other things I have very light fingerprints. This isn’t an issue if you’re using a subdermal fingerprint capture system (Lumidigm, one manufacturer of such systems, was also acquired by HID Global), but it’s definitely an issue with the average optical system.

Oh, and did I mention that we were capturing our OWN fingerprints as part of this test? Rather than getting a trainer or someone with law enforcement experience to take our prints, this motley assemblage of marketers and engineers was following the DIY route.

With the result that the fingerprints that I captured on the LSS 2000 were pretty much unusuable.

But the later generation LSS 3000 prints looked a lot better. (I believe that the LSS 3000N prints were the best, which heralded the last hurrah for UNIX workstations in the AFIS world, as Windows computers proved their ability to perform AFIS work.)

And of course time has not stood still since those experiments in the early 2000s. (Although you can still buy a LiveScan 3000N today, for the price of $1.00.)

LiveScan 3000N, offered for sale at https://www.propertyroom.com/l/morphotrak-finger-print-scanner-camera/14061023

Today you can buy livescan stations that capture prints at 1000 pixels per inch (ppi), 4 times the resolution of the 500 ppi stations that were prevalent in the 1990s and early 2000s. And frankly, that are still prevalent today; most law enforcement agencies see no need to buy the more expensive 1000 ppi stations, so 500 ppi stations still prevail.

So how does a customer select a livescan fingerprinting enrollment service provider?

So let’s say a customer is applying for a position at a bank or at a school or somewhere else that asks for a fingerprint check. In the state of California, there’s not just one place that you can go to get this service. For example, there are probably a dozen or more enrollment service providers within a few miles of Bredemarket’s corporate headquarters in Ontario.

So how does a customer select a livescan fingerprinting enrollment service provider?

Well, customers do so just like they do with any other business.

IdentoGO Mobile Enrollment RV. https://www.identogo.com/mobile-enrollment-rv

Maybe they saw a picture of the IdentoGO RV and that caused “IdentoGO” to stick in their mind when searching for an enrollment service provider.
Or maybe they’re driving down a street in the neighborhood and they see a sign that mentions “livescan fingerprinting.”
Or maybe they’re on Facebook and see a page that promotes a specific livescan fingerprint enrollment service provider.

The key for the enrollment service provider, of course, is to make sure that your message stays top of customer’s mind when the time comes for the customer to need your service.

Your message needs to appear where the customer will see it.
Your message has to speak to the customer’s needs.
And your message must explain how to obtain the service. Does the customer have to make an appointment? If so, how does the customer make the appointment?

If the customer never sees your message, it’s going to be a lot harder for the customer to use your business. While the California Office of the Attorney General does include a list of all of the authorized livescan fingerprinting providers in California, and all of the various channelers maintain their own lists, neither the Attorney General nor your friendly channeler is going to necessarily direct someone to YOUR business.

You need to let your customers know of your existence, and WHY your service BENEFITS them as opposed to the service down the street.

Bredemarket can help.

If you provide livescan fingerprinting enrollment services and need experienced and knowledgeable help in getting your message out to your customers, contact me:

Send me an email at john.bredehoft@bredemarket.com.
Or go to calendly.com/bredemarket to book a meeting with me.
Or go to bredemarket.com/contact/ to use my contact form.