Data Security

At Vault Verify, we are working hard to ensure employers are paying attention to the quickly changing landscape around data privacy as it is highly impactful to the industry in which we reside.  These legislative changes will revolutionize the data management practices for vendors and employer service providers, including the Employment and Income Verification Industry.  The data brokers in these industries are surely lobbying for exceptions and working diligently to find ways to minimize disruption to their core business/data acquisition strategies.  At Vault Verify these new requirements align with the way our model and technology were designed from the beginning.  

The type and volume of data being collected, stored, and distributed in our industry is simply staggering (as is the associated risk).  The largest data broker in the Employment and Income Verification industry professes “136 million active payroll records, over 500 million historic records, from more than 2 million different US employers”.  This data includes extremely sensitive personal information such as SSN, highly detailed ‘pay period’ and ‘year-to-date’ earnings information, rate of pay, job titles, employment type, job status, and termination reasons on every employee of a given employer-customer supplied to the vendor every pay period. This data is gathered and stored regardless of whether the employee’s data was ever needed for a valid Employment or Income Verification.  Now let’s get back to the overview of the upcoming legal changes.   

Every piece of passed and upcoming data privacy legislation includes some form of Data Minimization requirements; meaning, in simple terms, the data collected and stored must be limited to only what is relevant and necessary.  

Each state has requirements on the businesses related to the collection and storage of Sensitive Information including disclosures, permissions, and consent.   

Enforcement will largely be handled by the respective Attorneys Generals (for Colorado, Connecticut, Utah, and Virginia). California has stood up a new California Privacy Protection Agency to oversee and enforce California Privacy Rights Act (CPRA) compliance.  

When does this legislation Take Effect and what is the Risk?

  • California Privacy Rights Act (CPRA) “effective 1/1/2023 (includes a 12-month lookback provision), includes fines of $7,500 per consumer violation 
  • Virginia Consumer Data Protection Act, effective 1/1/2023, includes fines up to $7,500 per violation 
  • Colorado Privacy Act (CoPA), effective 7/1/2023, includes fines up to $20,000 per violation 
  • Connecticut Data Privacy Act (CDPA), effective 7/1/2023, includes fines up to $5,000 per violation 
  • Utah Consumer Privacy Act (UCPA), effective 12/1/2023, includes fines of $7,500 per violation 

What should employers do? The easy answer is to shift your verification programs to Vault Verify as we are already compliant, fully scalable, and have the most effective configurability. Our customer base is the most satisfied and loyal in the industry.  

What makes Vault Verify so different? For starters, Vault utilizes real-time API integrations that eliminate the mass send and storage of data. Vault further specifically agrees to never sell or share your data outside of fulfilling valid, employee-consented verification requests. Vault is not a data broker looking to monetize your data.  

However, barring everyone immediately moving their verification programs to Vault Verify, employers should, at minimum, formally assess the state of their vendors’ data management and data privacy practices.  Ideally, this would be a professional assessment conducted by data privacy experts, such as Privageo. In consideration of the new and upcoming compliance and breach risks, this assessment will be one of the better business investments that your organization can make.  

If you would like to learn more about Vault Verify’s employment and income verification services, please request a demo. For more blog content, be sure to sign up for our subscription to stay notified of new blogs.

Donny Phillips
Director of Sales/Channels at Vault Verify

Donny Phillips is a 25-year industry expert who has served in leadership for multiple human resource and payroll service providers, including some of the largest third-party administrators and employment and income verification vendors. During his career, Donny has consulted with and provided services to employers of all sizes from the largest of the Fortune 100 to local small businesses as well as local governments and federal governmental agencies. Donny is passionate about helping clients optimize programs while focusing on doing the right thing for all stakeholders.