Just swap this story around and change it to:<p><i>Big corp. starts illegally stealing data through improper means and not following T&C of small-funded startup</i><p>and there would be an uproar.<p>All those fluff tech-sites that treat Apples new Iphone with incremental changes as "big news" would suddenly have months of juicy news to bash the big corp to the point where their bigger media-parent companies would follow suit and damage the big corp indefinitely.<p>Maybe folks should just call "a spade a spade" here.<p>The startup violated the T&C of ADP and whether or not ADP is 100% honest of the server-volume from this company, the startup still committed an illegal action.<p>You can "disrupt" industries all you like, but when you break explicit contracts, you can't go crying on social media about it and expect things to work out for you.<p>As far as PR goes, ADP won with this line:<p>"We’re willing to work with our clients who use Zenefits, and with Zenefits directly, to find a solution
that fulfills our clients’ needs and protects their data."
I'm glad they posted this. It sounds like Zenefits could get away with using a startup mentality to work around an enterprise software/platform provider's generally accepted architecture for integrations, if not their explicit TOS, and was burned. Perhaps ADP will learn from this and look at it as an opportunity, or perhaps they won't. It's not like enterprises with ADP contracts are going to switch away from them because they can't use Zenefits on top of it....<p>Integrating with ADP is easy, but like so many other enterprise software/platform integrations, each project has to be taken independently. Zenefits doesn't want this but ADP doesn't have any real reason to change things.
I hate ADP with a burning passion (as a user of them across three different companies now) but their points are totally reasonable. Zenefits looks like a petulant child and seems to have made no good faith effort to integrate with ADP properly.
It's funny watching the Zenefits response: Bring in the yComb & Celebrity Investors (Jared Leto / Ashton Kutcher) to get public opinion on their side via twitter #ADPeeved and a Change.org petition. So far at least on social media there's not a lot of noise from impacted customers. Just negotiate an MSA, pay the fee, build a proper integration and perform better Risk Management in the future (like a $4.5B business should).
It's an interesting shot back at Zenefits from ADP. I have no way to judge ADP's claims with regard to security and the volume of requests. It would not surprise me if they were true... or not. But I suspect the fourth row in the table is the one that really matters.
OP disclosure: I work at a competitor to both - posting this because I find it generally interesting from a data security and integrations perspective.
i posted this yesterday, but the top three reasons i didn't go with zenefits (not that it matters because apparently they are taking over the world):<p>1. sales people were pushy dickheads that implied i was wasting their time by re-scheduling their demo due to emergency client issues, when i am their prime audience - an overworked, underpaid, understaffed startup founder.<p>2. they couldn't articulate how they integrate with my payroll service. it was a bunch of hand waving and "trust us". unfortunately i know how technology works and i'm not going to "trust" anyone unless they have a well defined solution.<p>had i known i was supposed to give them my administrator login information, it would have been a non-starter anyway.<p>3. the fact that their business model was basically to take business from existing insurance brokers seemed a little lame to me. why can't i just pay for your services?
This is not the first time a YC company has "hacked" their way into success-- for example AirBnBs spamming of Craigslist users and violating Craigslists ToS in other ways. In fact, these kinds of things come up so often I wonder if it's not encouraged.<p>It's kinda balsy, though, to get client's admin ids, and then use that to go after their data.... and then when this is cut off, to complain about it.<p>Especially given the entitled and, if ADP is being honest, dishonest way they portrayed the events.
> Our first priority is protecting our clients and their data.<p>...From themselves? If someone wants to manage their account through a 3rd party that allegedly uses some non-standard way of accessing ADP then that's a risk they decided to take. ADP should be figuring out a way to give Zenefits (and any other similar companies) more secure access to their platform, not cutting them off.
Enterprise integrations are expensive and can take a long time to get to market. So I can see why Zenefits would have avoided doing so for as long as possible.<p>Perhaps Zenefits, having using their hack-around for a while, needs to look at a proper integration? Call ADP's bluff? If ADP is telling the truth that they've never had conversations about service integrations with Zenefits before, it seems like that may be a good place to start.
Using ADP was the worst part of my week at my previous company. This PDF is better designed than anything I ever saw from ADP. And good to know of have more ideas about both sides of the story.
<a href="http://blog.zenefits.com/adp-2/" rel="nofollow">http://blog.zenefits.com/adp-2/</a>
ADP rolls out Zenefits competitor hours after claiming they were not in a lawsuit.<p>The truth will always reveal itself!
/zenefits EE
Other side of the story: <a href="https://news.ycombinator.com/item?id=9688058" rel="nofollow">https://news.ycombinator.com/item?id=9688058</a>
<i>"but it was pulling sensitive information, including unmasked Social Security numbers and employee banking information"</i><p>Did ADP just admit they keep SSN and banking information in plain text on their servers???