My lease is coming up on my car so I’ve recently spent a lot of free time searching online for a replacement vehicle. I’ve particularly been interested in the all-new 2019 GMC Denali pick-up truck, which I mention because of the box at my front door.
You see, my wife and business partner, Michelyn, had ordered some yoga equipment from Amazon the other day. It arrived as promised … but the box it came in? That concerned me.
I don’t know all of the details of the campaign or how or why I was the lucky one to get a reminder that I need a new truck, but it’s a little creepy. Or was it simply coincidence? From my perspective, it appears that Amazon, GMC, or someone else has decided my truck buying data isn’t just interesting to them, it’s interesting enough to share with paid advertisers.
As an advertiser, I see the appeal. But as a business owner of an HR company, I’m getting a little concerned about marketing’s push for data and the likelihood that someone, someday might start tapping into employee data for the right price.
Here’s the catch: while some employee data, like social security numbers, IS protected, other information about employees isn’t, particularly when it comes to behavior-based information. And that info is awfully revealing and appealing.
For example, let’s say Dave submitted vacation time. Does he know where he’s going? Maybe he still needs a place to stay. What’s preventing an HR service or team from selling that tidbit to Expedia or Kayak? Or maybe Carlos was recently promoted and is being transferred to another office. How much is that worth to a realtor? Sarah was written up again for arriving late. I bet she needs a new Apple Watch … or maybe Samsung will want to pay more. Or could she use a different job closer to home? I can see the advertisers lining up already.
The security of this type of employee data is currently something akin to a gentlemen’s agreement. There’s nothing that says a business owner can’t use it for marketing purposes (unless the business owner includes that in a contract) or sell it to the highest bidder. But I’m the CEO of an HR outsourcing company — and privacy and confidentiality trump everything.
We all know the story of Facebook’s data. There was nothing that said Facebook had to keep our activity or our connections’ activity and info secure. We’ve all signed countless data rights away over the past 10 to 20 years with Facebook and plenty of other businesses. But it’s unlikely many of us ever imagined or allowed Facebook to sell our data the way they did. Still, it happened and no one really knew there was a way to prevent it until it was too late.
Data breaches are common, so common that they rarely seem like “news” any more. While I don’t have the power to change marketers who are ready to buy their way into your privacy, I do have the power to hold my employees to the highest standards of trust and confidentiality. I also have the responsibility to ensure YOUR data and your employees’ data is protected. My company goes through rigorous data-security audits on a regular basis, and even recently had to ask clients not to call or fax employee information to us — phones simply aren’t secure. However, our site and the tools we offer for clients and their employees are. In fact, we’re SOC 1 Type 2-certified, which means you can feel confident in the measures we proactively take every day to mitigate potential risks.
My advice to every business owner out there: make sure you know your employee data is safe from hackers and from anyone who may ever decide it’s a commodity to be bought or sold. It’s past time we all adopt that approach.