The financial cost of data breaches is rising – with the average breach costing an organization USD4.35 million, according to a July 2022 IBM report. However, the real cost to your company and to you, as a chief executive, is to your reputation.
October is Cybersecurity Awareness Month, but to Pavan Kochar, every month – every hour of every month – is dedicated to cybersecurity, and she has a message to fellow chief executives: Protect your employees’ data.
The YPO member and Founder and CEO of Certree, a document anti-fraud and data security company, is bringing attention to a threat with which you – and many of your employees – may be unfamiliar.
“Most of us do not realize that our payroll data, including our Social Security number, date of birth, salary and title go to data brokers,” she says. “If you’re a larger employer, you may be sending that data to those data brokers to support functions such as employment or income verification,” Kochar explains. “If you’re a smaller company, that information may be going to those brokers through your payroll provider. There are tremendous risks associated with all of this.”
One well-known risk is that of data breaches. Because of the huge volume of information these data brokers amass from companies, they are the frequent targets of hackers. Kochar points out that one of the biggest brokers, Equifax, is hit with more than 30 million cyberthreats daily.
That’s not a typo. Just a single data broker faces more than 30 million threats every day.
But CEOs – and their human resources directors – must also consider Fair Credit Reporting Act (FCRA) violations. Companies are the target of class action lawsuits by consumers – aka their employees – who believe mistakes in their information lead to credit or employment offers being denied. In certain municipalities, the stakes are even higher for employers. In California, for instance, a new aspect of the California Consumer Privacy Act goes into effect in January 2023, giving employees greater control over and protection of how their personal information is stored and shared by their employers.
“In 2021 alone, more than 5,400 class action lawsuits were filed against employers and background check companies for FCRA violations,” Kochar says. “That’s because inaccurate information is being used for hiring and lending decisions.”
This is information about employees that they don’t have the opportunity to check for accuracy.
Kochar explains, “It’s all because the individual is not in the loop. They don’t get to see what information is being shared about them and how these decisions are being made.”
Kochar urges CEOs to prioritize protecting the employee data collected in their organizations.
What CEOs can do
Kochar encourages employees to ask their employers about how their data is collected, stored and shared. But as a CEO herself, her best advice is for other chief executives, and it is quite simple:
- Ask for explicit consent to share employee data with third parties.
- Leverage technology designed to protect data and employees.
Products like Certree’s deliver verifiable, tamper-free information – like proof of income or proof of employment – directly to the employee. The employee can check for accuracy, ask their employer to make necessary corrections, and then share that data when needed, when applying for a loan, for instance. The platform also acts as a form of free identity theft prevention for both employers and employees, since employees actively monitor their data and decide who can access their sensitive information.
“Employees cannot change the content, so the bank knows it is authentic, but they have 100% control of where they share it,” Kochar explains. “Why should an employer send my sensitive private data to a data broker without my consent or awareness?” Kochar asks. “Just because it is legal doesn’t mean it is ethical.”
She adds, “If you’re a CEO outsourcing this function, find out where the information is going. If you’re outsourcing it to a broker, reconsider. Because employees are going to start to ask where their information is going. People are starting to care a lot more about their data privacy and data security.”
She assures fellow CEOs that the effort is worth it. “By showing you care about your employees and their data security, not only will you attract more talent, but you’ll also enhance your brand in the marketplace.”