Maintaining robust data security and privacy standards when sharing sensitive employee data with a third party is challenging using most traditional verification processes. While being asked to forward income or employment data to a lender or another employer might seem like an innocuous request, giving out personal information can open your business to a range of potential privacy risks. Likely concerns include:
- How do you know the person contacting you for verification is who they say they are?
- Are you sharing personal employee information via email that is vulnerable to data hacking?
- Has your employee given you adequate consent to divulge all the confidential information being shared?
- Can you be sure you haven't made a data entry error when responding to requests?
Compromised emails
The inherent security weakness of email makes it a favourite tool for hackers to spy on personal data. When information leaves your inbox, it passes through multiple servers, leaving it vulnerable to attack as it makes its way to the recipient's inbox. Hackers are keen to collect this kind of data to sell on the dark web or to facilitate identity theft and financial fraud in other ways. While good security practices can help protect emails, they can't altogether eliminate the risk.
Phone scams
Some phone scams (like robocalls) are easy to spot, but fraudsters impersonating a bank or employer are harder to detect. Scammers who trick people into giving out information like full name, income, date of birth or address are able to use this data to fill out false applications for loans or commit other forms of fraud.
Employee consent
There are many grey areas regarding what personal employee information organisations can disclose to a third party under data protection laws. The Fair Work Ombudsman recommends the best practice approach of asking for your employee's consent each time you disclose personal information about them. And, in these times of increased remote work, even confirming that it is your employee making the request is an increased risk. Good privacy practices in your workplace can set your business up as a trustworthy custodian of your employee's data, protecting against the legal and reputational repercussions of unauthorised access or misuse of personal information.
A new consumer-permissioned model
A new model for employment income verification is reshaping the way employee data is shared with third parties. Verification Exchange by Equifax is a consumer-permissioned approach that champions secure and transparent data exchange. A verification that in the past may have needed HR and Payroll department involvement can now be done instantly through the exchange, eliminating the need for employer handling of verification requests.
The process begins with the employee giving consent to their financial service provider to access the Verification Exchange. Once obtained, that financial service provider can get the specific information they need to verify employment income directly and securely from Verification Exchange on a one-time only access basis. The Exchange securely links to employee payroll records of participating employers, delivering a standardised report to the third party financial service provider through a secure online portal. Before they gain access, the financial service provider must have supplied a permissible purpose and have had their identity credentialed under stringent requirements imposed by Equifax as Australia’s largest facilitator of data brokerage services.
Verification Exchange incorporates best practices in data management, with all records encrypted at rest and in transit. Credentialed financial service providers only access data within Australia, and all data remains in Australia within the Exchange.
This consumer-permissioned approach to employee data sharing heralds a significant leap forward for safeguarding sensitive data at a time when consumers are asking for more transparency and control over their data. It gives employment income verification a seismic upgrade in security, compliance, and privacy – all at no charge to the employer.
Watch this video or contact us to find out how Verification Exchange by Equifax can help you improve data protection in your organisation.