Seeking answers to the hard questions of privacy and identity for the HRIS community

  • PRIVACY IS BECOMING PRIMARY

    Can we continue with the status quo in a world where a single mistake can create unrecoverable damage to your reputation or fiscal ruin?

  • CAN WE RE-IMAGINE THE SOLUTION?

    Can we imagine a world where a business built upon ownership of the employee record shifts. It shifts to curation and rabid protection of the employee record with a focus on Employee ownership of their personal information?

  • CAN DECENTRALIZED IDENTITY BE THE ANSWER?

    Blockchain isn’t just Bitcoin anymore. The use of the underlying technology is quickly being embraced by many industries for secure,

Image

Every Idea Deserves a well thought out Elevator Speech


The employee lifecycle and the HRIS systems that manage it gorge on personally identifying information, account IDs and banking data.

In addition to these localized (or SaaS) systems there are numerous third party transactions which swap employee data in order for us to get paid, have a 401k, enjoy having a health plan, etc.

Today as an employee we must give (occasionally sign) away the right to use and manage this data in order to provide for our families.

As the EU’s GDPR and other privacy oriented legislation throughout the world have inspired new or enhanced privacy regulations being developed within the United States, the risk associated with managing and retaining employee data is becoming unacceptably high.

This level of risk could compromise the ability of small, mid-sized and even the publicly traded providers such as ADP or PAYX to do the job that employers have asked of them.

Employers and outsourced HR providers need a solution that allows them to conduct the business of managing the employee lifecycle while avoiding (wherever possible) the potential mis-management (and hoarding) of employee data.

I believe that SSI (Self-Sovereign Identity) has the potential to be a solution to both protect and secure HRIS data, and to give the individual employee control over the flow of data associated with the employee record within HRIS ecosystems in an understandable and easily managed way.

I also believe that where previously many believed that ownership of the employee record was an asset, that providing privacy and secure curation of transactions related to this sensitive data will be the a requirement for the future success of HRIS software and service providers.

v2.1

Logan Cashwell, Author / Instigator

Bio

After spending the better part of 20 years in the HRIS industry, I’ve come to deeply respect the trust given to us by employers to be the caretakers of their employees’ personal data.  They take a big risk, and we need to honor that.

Always a technologist, I have worked for four distinct HRIS platform/service providers in the following roles:  Product Management, Technology Director, Technical Support Manager and various Business Development roles.

I started my career in HRIS systems scanning payroll check signatures with a hand-held grayscale scanner, which strangely set the tone for the next twenty years.

Academics

While currently pursuing my Doctorate in IT/Cyber Security and Information Assurance, my educational background includes being ludicrously over-educated with double Master’s degrees in Information Systems Technology Management and Organizational Leadership, a B.S. in Organizational Management, and an A.A.S. in Electrical Engineering.

Thoughts

My current question is, even with audits and firewalls and protocols, etc., are we really doing as much as we can?  Many providers place value on holding the employee record and adhering the client to their business via ‘stickiness’ associated with having many well meaning connections to the employer.  What if we changed our worldview and instead built value around the rabid protection of employee identity data?