Companies Come Up Short in Securing Cross-Border Data Transfers, Survey Says



In global payroll, the trends are always changing. A recent joint effort survey by Bloomberg BNA and the TMF Group attempted to gauge current trends of the payroll operations of global companies with business in two or more countries.

Surprisingly, one of the most interesting results was about payroll data security: Despite strides in implementing more secure data transfers, 23 percent said that they do not modify procedures for cross-border communications for security purposes.

“What this tells me is that there are a lot of companies out there that are not even compliant with regional and local regulations,” Marco Martin, vice president of Global Sales at TMF Group, said in a recent webinar.

Many countries require stringent cross-border transfer requirements. In fact, the new UE-U.S. Privacy Shield agreement was created to strengthen requirements and protections for cross-border information.

The survey results reflected Martin’s concern, with 21 percent of respondents saying they found ensuring that payroll operations are compliant with all applicable laws and requirements either somewhat difficult or very difficult. In fact, ensuring compliance was found to be the second-most difficult global payroll activity after working with multiple suppliers across countries and regions.

As for other payroll communications, 24 percent said employees use a secure ticketing system to communicate with global payroll operations. Forty-nine percent of all respondents said they use e-mail for such communication, which is an inherently insecure means of cross-border communication, even with additional password requirements, which 38 percent said they apply.

Maxine Gardner, global payroll director at Lenovo Group Ltd., said that everything has to be encrypted at her company. “This is particularly critical in areas like the European Union where they have very strict data privacy regulations,” she said. “It’s not just the European Union countries that are establishing that you have to have strict governance for your data. Russia and Ukraine are examples of countries that in the last 18 months have put in additional requirements.”

Overall, 50 percent of respondents encrypt data to ensure the security of cross-border payroll data transfers.

E-mail interactions by employees with global payroll teams were far more prevalent with organizations having operations in at least six countries, 61 percent, compared with 39 percent of respondents having operations in two countries. Forty-nine percent of those with payrolls in three to five countries said they used e-mail.

While adding additional password requirements does not automatically make cross-border e-mail communications secure, 38 percent of respondents use additional password requirements to safeguard cross-border payroll data transfers.

The survey results highlighted that companies are starting to focus more on data security risks, but there still is a ways to go.

“In the past, it was a nice-to-have but now it is an absolute,” Martin said. “You must have this capability.”

More in-depth data and analysis from the survey, including more details on participants, how companies organize payroll operations and approval, communications and data-movement trends and best practices for tracking regulatory changes can be found in the Global Payroll Management Survey report.

Hear more about the report and a discussion of the most significant payroll issues that arise when operating internationally in our most recent webinar.

Take a free trial to Bloomberg BNA’s International Payroll Decision Support Network. With more than 90 countries covered, this is your one-stop resource for reliable, up-to-date guidance and analysis in every area of global payroll administration and compliance.      

Join the Bloomberg BNA U.S. and Global Payroll group on LinkedIn and follow Bloomberg BNA on Twitter @BloombergBNA.   

Follow Molly Ward on Twitter at @mollyalisonward.