Human Resources (HR) departments that want to automate their business processes have more options than ever. In the past 20 years, hundreds of new HR automation solutions offering payroll, benefits, time and attendance, and other core human capital management (HCM) services have come on the scene. Many of these newcomers offer bundled business automation solutions that make deployment and everyday use easier.
But there’s a major drawback to entrusting third-party marketplace vendors with multiple layers of HCM access points: the potential for misused or breached employee data. New data privacy laws and regulations enacted around the country demonstrate that employers’ obligations to protect their employee data will only grow in the coming years. It’s more important than ever to minimize employee data storage outside of your own human resource information system (HRIS).
The primary security risk to most organizations is the use of “send and store” or file feed models of data sharing, which require employers to send a full employee data file to their vendor on a weekly basis. The largest and oldest HCM marketplace vendors tend to use this data-sharing method, which means that many organizations do, too. (Equifax, which serves 80% of United States employers, requires weekly file feeds from its customers.) This outdated model has three serious drawbacks:
- All employee data is instantly out of date. Any bonuses, new hires, or firings that occur after the file has been sent will not be reflected in the data. This can be particularly troublesome for new employees, many of whom seek loans for a new car or home immediately upon starting a new job.
- Your HR department takes on more administrative tasks. Not only do HR representatives have to create and send a weekly file, but they must also field more phone calls from verifiers with questions about the outdated information found within that file.
- You lose control over how employee data is stored or used as soon as it leaves your HRIS. Deliberate and accidental misuse of data is always possible once it’s out in the world. In fact, 60% of data breaches are caused by insider security incidents, which include incidents involving contractors with granted access and those who receive the data through a routine “send and store” arrangement. Beyond breaches, you might be surprised by the ways HCM marketplace vendors use your data beyond its original permissible purpose.
Many of the prominent HCM marketplace vendors have built their business models around access to employee data; slicing, dicing, repackaging, and reselling that data to other companies is extremely common. Using data this way goes far beyond what any individual employee agreed to when he or she consented to an income verification or verification of employment.
There is a better way to protect employee data. Modern, real-time application programming interface (API) integration has significant benefits over the old file feed model. API integrations minimize data storage outside of your HRIS and automate data destruction after authorized use, ensuring that the protection of that data remains up to your organization’s standards. Real-time data ensures total accuracy while eliminating the administrative burden of creating a weekly file (and no more calls from frustrated verifiers). And an API can pull and share a single employee record at a time without exposing the rest of your employee data.
With Vault Verify’s API model, employee data exposure is limited to just those records and purposes that are expressly authorized. Our secure and standardized verification process protects you from evolving regulations governing privacy and employee rights while ultimately reducing your data exposure by 99%. Additionally, we only have temporary access to any single employee’s data to fulfill the requested verification, only as expressly authorized by your company and the employee.
Is your organization still partnering with a VOI and VOE vendor that uses the “send and store” or flat file model? Calculate how much you could reduce your liability by switching to a vendor that uses a modern API model, like Vault Verify. Or schedule a 30-minute demo to discover how Vault Verify can help you better protect employee data.