Elevating HR Data Protection: Mitratech and Vault Verify

Reece Nanfito |

Human Resource departments truly are the “people engine” managing all the employee touch points involved in running an organization, from identifying the staffing needs to recruiting, hiring, retaining, and offboarding its employees – they also deal with HR data.

To accomplish the many tasks and functions required of a modern HR department, many HR executives select multiple HR tech vendors, each providing a partial solution that saves time, resources, or money. When these outsourced solutions are combined with in-house functions, the needs of the organization are covered. Whether engaged for I-9 compliance, background screening, tax credits, or unemployment claims, each service provider may need access to certain employee and HR data to perform their function on behalf of the company.

Employee & HR Data = Exposure Risk

Granting multiple access points to employee data sets is fraught with exposure risk. Any company-wide security measures intended to protect private information are only as strong as the weakest security among the vendors receiving the data. The employer can lose control of the data once it is shared. With new state regulations in the United States, especially the California Privacy Rights Act, employers are now subject to stiff fines if they fail to protect employee data. With the advent of new data compliance requirements for employers, the world of HR Tech has suddenly become more complex, and the need for proper vendor vetting and contracting is more acute.

There are many legitimate needs to share employee data to facilitate certain HR functions when outsourced to vendors. When contracting with these vendors, there is a responsibility to verify and monitor how the vendor may manage this access. Ideally, the data used is timely and accurate. But often, the data sharing is delayed or overexposed due to the “send and store,” or flat file model, where a complete data set is shared with the vendor, perhaps each pay period. In such an arrangement, the data can be “stale” in a rapidly changing workforce environment. Or, the file-sharing obligation is not restricted, and in many situations, a vast repository of PII is shared with a vendor who may not require all the data to perform the contracted service. The data for all employees may be shared, but only a few employees utilize the service. A relevant example would be employment and income verifications, where, in an average year, only one in five employees may require a verification report.

Outsourcing A Service

When outsourcing a service, the “status quo” for years may have been to provide the entire employee data set. This has either persisted because the vendor demands it, or because it is perceived as being more convenient to set up the transmission of a full report each pay period. This increases the risk of data exposure due to the sheer volume of data given, and it also may be tempting for the vendor to further monetize that data by repackaging and reselling that data beyond its intended use. In fact, some vendors who are also data brokers may combine employer files, gained through HR tech services, into a collective employee database that is a key element in their data brokerage business model. This is certainly not the upfront intent of the employer, who has a responsibility to protect employee data. That responsibility is now elevated to a regulatory compliance mandate in California, with more states moving in that direction.

Mitratech and Vault Verify Combine To Better Serve Mutual Clients
With a deepening privacy interest among both employers and their workforce, these long-established practices should rightfully come into question. Indeed, various state laws will increasingly demand more scrutiny into the protection of employee data. The good news is that this “send and store” method of sharing all employee data with multiple service providers in various reports each pay period is no longer necessary. Thanks to real-time API technology, there is a better way!

Mitratech, the leader in human resource compliance, is proud to announce a new alliance with Vault Verify to better serve mutual clients.

Vault Verify is an innovative provider of outsourced employment and income verifications. When a client is contacted regarding a verification of employment or verification of income (VOE or VOI) report for an employee applying for a mortgage, for example, Vault Verify can provide a timely and accurate FCRA-compliant report, eliminating the labor burden for the HR or payroll department.

Vault EDGe Gateway 

To fulfill the online requests from certified verifiers, Vault Verify utilizes real-time APIs with all major HCM platforms. Setup usually takes only a few hours. After that, data is securely accessed through the client’s API, and only the data points needed to fulfill the individually consented service request are extracted and utilized. After the data is provided to the verifier, it is fully removed from Vault Verify’s system. Through this innovative and compliant process, called the Vault EDGe Gateway, clients gain many advantages.  

The Vault EDGe Gateway’s primary benefit is that clients can greatly reduce potential employee data exposure. The typical scenario with competing VOE/VOI providers involves the HR department sharing its entire employee data set and payroll data in a file transfer each pay period. Once that data is shared with a third party, the security of the PII is only as good as the vendor’s protection level. Large data breaches have occurred in the past with HR tech vendors. Any control the HR department had over the employee data is lost when all data is shared. The best way to minimize risk is to reduce the amount of data shared. Using Vault Verify’s EDGe Gateway also results in consistent efficiency improvements for clients.

Another benefit of the Vault EDGe Gateway is that HR departments can utilize the services of other HR tech vendors that will access their data through the Vault EDGe Gateway, thus realizing the same security benefits while reducing APIs or data reports required to fulfill their services. Through the agreement to utilize the Vault EDGe Gateway to access the employee data of clients who also utilize Vault Verify, Mitratech can facilitate the I-9 management with Tracker I-9, or the background screening with AssureHire, gaining secure access to real-time data and notifications without added integrations.


Perhaps the most welcome benefit realized by clients of both services is the reduced overall cost through bundling. Vault Verify’s VOE/VOI solution is always free to its employer clients. Savings for other HR tech services are possible due to Vault Verify’s unique revenue sharing program. For each verification fulfilled for an employee, Vault Verify shares a portion of the verifier fee with the employer. After all, it’s YOUR data! This revenue stream can be delivered to you in the form of a reduction in the price paid for Mitratech’s service lines, including Tracker I-9 and AssureHire. The savings can be quite substantial.

If you are interested in realizing the security advantage of the Vault EDGe Gateway, the efficiency of Vault Verify’s VOE/VOI services, and a reduced price for your Mitratech services, please contact your Mitratech rep today for a customized review.

Our focus? On your success.

Schedule a demo, or learn more about Mitratech’s products, services, and commitment.