If you use a software system to manage and store candidate and employee information, you have an obligation to own this data and keep it secure. With so many services crossing the Canadian and US borders, data privacy can easily be compromised. Here are five major security questions you should ask to establish who owns and who has access to your information.
Who is your software provider?
There are a plethora of HR software providers in the US, with more and more startups leading the way in innovation and new technology. Some of the most popular and highest rated companies are based in the US, making purchasing from these suppliers seem like a no-brainer. Most of these software systems are cloud-based, meaning they aren’t hosted on your own company’s servers. Cloud software is useful in that it allows access from anywhere with an internet connection, and is maintained by the vendor, not your IT staff. On the other hand, this type of service raises our second question:
Where is the data centre located?
Since the software provider is hosting, updating and maintaining its system, it typically needs to store its application and client database in a data centre. With the massive US tech industry, the majority of data centres are based in the States. Even Canadian or European providers may host some of their servers in the US.
Who owns the data centre?
Knowing who owns the data centre is just as important as knowing where it’s located. If a data centre is owned by a US-based company, it is subject to the Patriot Act and PRISM program. This means that the US government and the NSA have the right to access the data.
How are backups handled?
Backups should be made regularly, at least once a day. Incremental backups (backing up changes since the previous backup) and full backups (entire system backup) are two different methods of saving data, and both are acceptable. Backups should be stored in a different location than the primary data centre used for the software. This is to ensure that if there is a failure at the data centre, the backups remain unaffected. Check that your data backups are stored on a secure Canadian server in a different geographical location from the data centre.
What does your contract say?
A final critical check is to read the provider’s agreement to see who owns the data. While you may be given private access to your database for the duration of the contract, some software providers may keep the data once that contract is up. To maintain access to your data or to transfer it to another provider, make sure that the contract states that you own your data and that it will be provided to you at the end of the agreement. There is typically a small fee for the time and effort of providing data, which you may wish to be familiar with ahead of time.