Let’s talk data. Yes, that data. The one that belongs to your customers. Not your data.
In a world of cloud platforms we seem to have forgotten a basic principle of day-to-day human relationships of the past, before technology. A life where your word was everything. Something no one would allow themselves to break or damage. There, doing so meant self-destruction.
Consider the scope of all of this. Think major Human Resources platforms: BambooHR, ADP, Greenhouse, Ashby and even BreezyHR. These really are the simple ones. Now add PEO accounting and HR software. Here we have one parent, hired to handle a function for many small businesses, startups and early-stage companies that don’t have the budget for professional-level HR at their size.
How many straight business-to-business HR platforms do those major cloud-based solutions have as clients? How many employees does each client have?
Keeping it simple: one HR cloud solution has 100 clients, and each client employs 100 employees. That is a central location of 10,000 employee records of personally identifiable information. Salary, employer, SSN, and a connecting company EIN; whether the link to the company is direct or indirect, it does exist.
PEO, simple enough. I worked in PEO accounting software at one point in my career. One client, the PEO solutions provider, had 200,000 individual employee records from an unknown number of small businesses who trust the PEO that their data is safe.
Back to cloud. All of that is in the cloud for easy access by the people they provide services for. Trust is the link binding the agreement. SOC and SOC 2 are a framework developed by the American Institute of Certified Public Accountants, under which internal controls are evaluated as validation of protecting client data.
Other areas have more layers of certification and more protection of client data. This certification process is heavy, time-consuming in documentation, and expensive. So clients feel safe trusting their data.
This protection, as we have seen many times, gets breached. Something was missed or hacked, and personally identifiable information was captured and sold on the dark web. The response is typically data monitoring, offered while explaining the details of the data breach and stating that the issue was resolved. End of story.
Unfortunately, each customer deals with real-world fallout. Even with data monitoring, the damage can be extensive: not only to a credit rating, but in the time needed to remove negative marks, and at times even in court expenses, all paid for by the victim. The one whose data was breached pays the price for “oops, I’m sorry.”
So why have we not reconsidered the data others give us to help make their lives easier, and changed our position to stewardship? Stewardship is saying: this belongs to you, and you trust me to keep your data safe. It is not mine to sell, collect or do anything with before you give explicit permission. I then do only what I am entrusted to do: keep your data safe, making your life easier.
I myself then often ask: why so much data in the cloud, controlled through the security of a single source? Each breach comes with the response “sorry”; the solution moves to more security, more cloud, more data, and then you get another “sorry”. Rinse and repeat.
Everyone acts with good intentions; this is not some grand scheme to give your data away.
What is happening is that stewardship, the person-to-person handshake, died. The feeling that my name is everything, and with one scratch on it I could be completely destroyed. That was what stewardship agreements were. That was accountability. One oops, then another oops, isn’t stewardship; no one is accountable.
Unsure of what I write? Ask which company was the last one destroyed by the biggest data breaches of today.
That question is a rabbit hole to unwrap. Even going back only 5 years, we find many cases where a breach was only one reason a company went bankrupt. There is no real direct correlation between a data breach and bankruptcy.
Larger companies, well, they have money, insurance and several ways to avoid bankruptcy. What happens is they lose revenue over longer terms. However, they remain in business, storing in the cloud the data of the customers they retained through the breach.
And still, more cloud data arrives. More entry points, more damages, more losses for the individual. And still individuals feed it more data.
I’ve never really understood this loop, and I don’t claim I do. I do know it is done with good intention, trusting in data security to make life easier. But is easier really the result?
Is there something more we miss by not taking the standpoint of stewardship of customers’ data?