Protecting Employee Data During “Verification Season”
A current TV ad for home security systems uses the phrase “vacation season is break-in season,” reminding homeowners of the increase in burglaries that occur when families embark on summer vacations. In the world of information security, data thieves don’t necessarily have a season, but they can capitalize on lax process security during peak points in transaction volume throughout the year to glean sensitive information from unsuspecting targets.
Consider the world of employment and income verifications. Employees rely on their employers to provide proof of their work and income status to any number of requestors—mortgage lenders, auto finance companies, credit card issuers or employment screeners to name a few. The individuals within the HR department assigned to provide those verifications likely take steps to ensure that the request is from a valid source and that the requestor has the appropriate consent of the employee. But during a peak season—such as a high volume of employees purchasing new homes during the summer months or taking advantage of low interest rates to purchase new cars—the HR verification team can be overwhelmed with requests and shortcut certain procedural checks. After all, there’s an employee on the other end of that transaction that’s trying to get that new home loan or car loan secured, and no one wants to stand in the way of that. But when effective screening of the information requestors starts to lapse, the opportunity arises for sensitive payroll information to land in unauthorized hands.
So what’s the best way to avoid accidentally providing employment and income data to an unauthorized party? Outsource the verification function to a trusted provider that follows a consistent screening and fulfillment process regardless of fluctuations in volume. Providers with operations purpose-built for handling verifications can scale to meet demand without sacrificing security or speed of fulfillment. The leading providers adhere to Fair Credit Reporting Act or FCRA guidelines regarding the collection, dissemination, and use of employee/consumer information. This ensures that:
- The requesting verifier has a clearly identified permissible purpose—as defined by section 604 of the FCRA—for every verification request submitted. That means only legitimate reasons for receiving the employee’s data, such as an application for credit, in connection with a job offer, to determine child support payments, etc., are allowed. No permissible purpose = no release of information.
- The end recipient/user of the verification can be clearly identified—which means all verifiers need to be fully vetted and credentialed before gaining access to data. This mitigates employer liability and helps ensure employee information doesn’t end up in the wrong hands.
- The employee can view their employment and income record—to review it for accuracy, and dispute any data errors.
- The employee can view a report of who’s requested their data—further assurance that only authorized requestors are seeing their information.
In a recent Equifax Workforce Solutions survey, 82% of the employers who responded ranked FCRA compliance as a key value in their outsourced verification service relationship. Those organizations understand the peace-of-mind that comes with properly handled verifications – during any season of the year.
Recommended For You
It’s no secret that big data can spur innovation — even disruption — but it can also complicate marketing initiatives. […]
Who is this podcast for? Are you an employer or HR representative who would like help to save time, reduce […]
The U.S. Department of Agriculture (USDA) recently updated its policy on how states can leverage modern technologies when administering the […]
John Ray, Enterprise Fraud & Identity Analytics Leader, presented “Evolution of Identity” at the Equifax Spark 2019 conference. For more […]