In case you haven’t heard, there is a major scuffle happening in the HR/payroll industry that ultimately led one party to file a defamation suit against the other. While these two companies fight it out in the press and the courtroom, one of the primary – and extremely important – issues at the heart of the squabble is about security and employee data privacy. Without getting into the particulars of the case at hand (if you are interested, read this blog post), there is a question about the way the defendant accessed the plaintiff’s systems, which was allegedly less secure and created excessive server utilization.
When we think about the highly sensitive information an HR solution can store (e.g. social security numbers, background screening check results, bank account information, dependent data), protecting that data from a potential breach or cyberattack should be the top priority – for you and your solution provider. We’ve all read about the significant financial and personal costs involved when personal data is stolen.
As a client, it is imperative for you not only to understand the tools and methods your HR solution provider employs to protect your company and employee data but also to be confident that they are doing what they say. There are two kinds of security features you need to ask about – the first are those that protect data from external threats, and the second are those that protect against access to the information by unauthorized users.
Here are a few questions you should be asking when it comes to the security and privacy of your data:
Where will our data be housed? If the solution is Cloud-based, find out whether or not the company meets the security requirements of an internationally accepted framework such as the Statement on Standards for Attestation Engagements (SSAE) No. 16, which provides test and audit standards for IT infrastructure security.
What methods do you use to ensure the secure transmission of data? Make sure they are using the latest encryption methods.
Does your solution support the latest web browser versions? Some Cloud-based solutions only work on specific web browsers, or worse, older versions. Security patches are generally only made available to the most current versions of web browsers, and you may be putting your system at risk by being forced to run outdated, unprotected software.
Does your system provide dynamic role-based security? This allows you to limit the information that different levels within the company have access to, which ensures compliance with laws such as HIPAA while protecting personal and benefits information.
Are you passing any of our data to third-party systems? If yes, make certain you understand what data is being passed, how it is being passed, and what policies are in place to ensure it is safe and protected by the third-party partner.
Any vendor worth their salt will go above and beyond to answer any questions you have regarding the safety of your data. If they hesitate, that is your cue to run, not walk, to the nearest exit.
PeopleStrategy is committed to information privacy, especially given the sensitivity of data with which we are entrusted both internally and externally. Our achievement of the Statement on Standards for Attestation Engagements (SSAE) No. 16 assessment demonstrates that the company has instituted the required operational controls and safeguards at our data centers to protect client data. For more on the protections we offer our clients, download our Technology Overview.