In 2017, one of the largest data breaches in history occurred, impacting 143 million US consumers. Data breaches are a regular thing, to the point where smaller breaches don’t even make the news anymore. They do, however, impact millions of people every year.
The fear of a data breach is a huge pain point for employers who have an employee needing employment or income verification. Data security improvements, however, can help both companies and employees feel comfortable when verification is needed.
When is Employment or Income Verification Needed?
Most employees rarely need employment or income verification, but when they do the need is significant and urgent. For the most part, verifications are needed to apply for a loan, when changing jobs, and when soliciting government assistance. Some landlords may also request employment and income verification as part of the tenant screening process.
It’s vital for employees that verification is done quickly and securely. The general process is that the lender or other third party will contact the employer and for verifications. This can lead to a potential security risk for your employee’s personal data, and because of this employers may often be reluctant to give any information.
Why Do Companies Outsource Employment Verification?
For small companies, dealing with very occasional inquiries can generally be handled by someone in Payroll or HR without much of an issue. Larger companies, however, typically outsource this function. There are a couple of reasons to do this. The first is that employment verification is a rote task that can be very time-consuming. The other is that a specialist can provide consistent information quickly. In fact, third party administrators have figured out ways to automate the completion of verifications, and report back to the employer on how many requests are coming in.
However, this also brings up reasonable concerns about data breaches. The companies handling this data are obvious targets, due to the number of records they are working with. There are also privacy and compliance concerns.
This means that companies need to choose a provider that is taking steps to secure the data and protect the privacy of the company and its employees at all times.
What Should You Ask Your Vendor?
There are a few things you should ask or check with a potential verification of employment vendor. The first is who is allowed access to their data. In some cases, vendors may allow unlimited access to certain third parties, such as debt collectors.
This is an obvious security loophole; avoid any vendor that gives unlimited access to anyone except government agencies as required by law. While debt collectors may be authorized to request information, nobody should be poking through the database without some checks.
Also ask your vendor what they are doing to comply with various privacy laws. For example, if you have employees in California, the CCPA applies. Make sure that your vendor covers every employee you have, even employees residing overseas. Be honest with a potential vendor about the locations of remote employees and make sure that they can handle your specific situation.
You should also talk to your vendor about improved security practices. For example, it is good practice to minimize the use of Social Security Numbers so they are stored in fewer places. You should also make sure that your own systems are kept patched and up-to-date.
Finally, make sure you know exactly how they are processing any personal data. Check reports regularly to ensure nothing odd is going on. You have a certain shared responsibility with them to ensure that data breaches don’t happen.
Be transparent with your employees and provide them with this information. In the past, employees have been surprised to be involved in a breach when they did not know that their data was being processed by a third party.
How Else Can I Protect My Employees?
First of all, make sure to choose a verification of employment provider who has not recently experienced a major breach or who, if they have, have been very transparent about how they intend to fix the issue.
Remember that whoever you choose will have access to your employees’ most sensitive information and that you hold if not legal, then at least ethical responsibility to protect that information.
Also make sure that your own HR systems are patched and secure and that all employees are trained not to give out sensitive information. If somebody calls asking for verification of employment, train all employees to redirect that person to your VOE vendor rather than giving anything out; an experienced provider will know how to ensure that the person is indeed authorized to get that information. Without that check it’s possible to give out sensitive information to, for example, a stalker.
If there is a breach, you are responsible for informing your employees and giving them advice on how to prevent identity theft. At the very least, affected employees should freeze their credit report so that inquiries on their credit cannot be made without permission.
What Else Should You Look For?
Look for a company that has a good reputation and is getting good references and reviews. Make sure that they are known for being reliable and providing accurate information to both you and third parties requesting information. A mistake in employment verification can cost your employee a lot, especially if they are trying to purchase a home or take out another large loan.
Also choose a company that has a focus on cybersecurity. It should be one of the top things they talk about, along with accurate reporting. A company that also offers security services may be a good choice. Smaller providers may or may not be better, but can offer customized solutions that also help with payroll and taxes.
If you are looking to outsource verification of employment, one of your primary concerns is going to be the security of the data and the privacy of your valued employees. Quentelle offers the highest levels of security, having developed solutions after the large breach in 2017 designed to ensure that their clients are as protected as possible.