When we first contacted Innovate UK to get an advice on potential funding for our project they gave us contacts of the Knowledge Transfer Network. KTN links new ideas and opportunities with expertise, markets and finance through their network of businesses, universities, funders and investors. The very next week we were on a long phone call with KTN discussing funding and networking opportunities for an innovation start-up both in UK and EU. We found this relationship extremely fruitful and pivotal on our journey to what we hope will be a successful innovation.
Nova Extraction started working with the Enterprise Europe Network (EEN) an organisation founded by the European Commission to help small businesses to innovate and succeed in the EU marketplace. This is a great opportunity to work with the largest European information and consultancy network. Our intention to contribute to EEN and to benefit from their experience, be sure to check out the global app development rates.
HR at my enterprise has decided to email copies of paystubs to all employees with direct deposit. The stub has the employee’s name, address, and the last four digits of his or her Social Security number, along with pay information to making employees view paystubs. As the security manager, they’ve asked me whether this violates any data privacy regulations, and, if so, how to amend the process to comply with those regulations. Does this violate any regulations? If so, do you have any advice on how to create a system like this that complies?
To the best of my knowledge, this doesn’t violate any existing or forthcoming regulations. It’s important, of course, to double-check with corporate attorneys.
That being said, take some time to understand how the emails are being generated and whether the system that sends them has full Social Security numbers (SSNs) stored in it. If it does, find out how those numbers are being stored (encrypted, hashed, etc.).
There are also several other important questions to ask. For example: How is the payroll data moved to whatever system generates the email, and who has access to that system? Is the data encrypted in transmission? Is this part of an outsourced function or is it all being done in-house? If in-house, is the system being properly patched and maintained? If outsourced, what are the provider’s processes and procedures for maintaining the security of the data, including patching and configuration management, as well as how this data is segmented from other customers? This may seem like a lot of questions, but the security of the data is worth it in the long run, so don’t be shy about sharing any concerns with the payroll system architects.