Let’s say you’ve made the decision to use a SaaS provider to handle your company’s human resource management functions, with all of your most sensitive employee information, from salary data to performance reviews, in the cloud. Would it bother you if the SaaS provider aggregated that data from your company and its other clients, analyzed it, and produced intelligence on the HR-related activities of its customer base?
It doesn’t appear to have bothered 2,200 North American clients of TribeHR, a cloud-based HR software provider for SMBs, co-headquartered in Windsor, Ont. and Waltham, Mass. In its first shot at producing intelligence based on the data it stores on the HR-related activities of those clients, TribeHR has launched the Pay Raise Index, an ongoing analysis it’s able to produce by slicing and dicing data it maintains on who among its clients’ employees get pay raises, and how much they get.
I recently spoke with TribeHR CEO Joseph Fung, who explained that TribeHR tracks the employment records of its customers’ employees, “and that’s the whole spectrum—everything from their applicant tracking process to their ongoing HR records to performance and goals and skills.” So the Pay Raise Index, for example, wasn’t a survey, Fung said. “We actually go with their official records, the same information they retain on their employees,” he said. “The type of information that we are able to manage means we can slice this information in really interesting ways.”
If you’re thinking that all of this sounds a little creepy, be assured that TribeHR is completely upfront with its customers about what it’s doing. In fact, according to Fung, those customers value TribeHR’s wherewithal to do it:
First off, we’re very, very clear with our customers about how that data might be used — it’s clear in our Terms of Service. But the really big benefit is we’re providing those insights directly to those customers on their own companies, and we provide the highest-level aggregate data. So that’s what this index is — we’re not providing anything identifiable by company, even by region, here. But the insights we’re providing to customers, because we can do that analysis, lets them do things like [determine that] the best-performing employees came from this recruiting source, or the employees in this department are getting significantly more recognition than the employees in other departments. Those analysis tools are actually a key reason why our customers use our tool.
Moreover, Fung stressed that none of the data in the index can be linked to any individual customer, and that no one at TribeHR can see any individual customer’s data:
Our architecture is specifically designed for this type of analysis. It can’t actually be drawn back to the individual customers. Every customer data set for us is stored in a separately encrypted database. We pull out anonymous data and toss it into an anonymous pool for third-party analysis. So the people on our team who are providing that analysis have no way to link it back to individual accounts. There’s no way for us to actually see that data for those customers.
Finally, Fung shared some of the lengths to which TribeHR goes to protect its customers’ sensitive data:
A lot of SaaS providers run a single, monolithic database, and you get that comingling of data. In our case, every single customer is in their own database, with their own encryption keys. Furthermore, sensitive data goes through a second level of encryption in the database. So even if our team members, or the team members at the client company, went in to debug something, that data isn’t visible within the database — it’s only a hash value. So we go to extraordinary lengths to protect the sensitivity of the data of our customers.
So there you have it. I have no doubt that Fung and the crew at TribeHR are really good guys, and that their work is carried out with integrity. But I’m still curious. Does what TribeHR is doing with its clients’ employee information give you the creeps?