Data Sharing Best Practices with Third-Party Sites

After proper ADP consent/approval, a client can authorize a third-party for ADP login ID and password to link your account, or access your personal information at ADP (e.g., financial technology apps such as Chime or PayDirect). Protecting our clients’ and their employees’ data is a top priority for ADP. As part of this priority, we are continuously enhancing how we help safeguard data shared through our systems, including providing guidance relevant to when you decide it is necessary to exchange it with outside providers’ websites and apps. Please find below a few recommended steps you can take to help us keep your information secure.

Data sharing safeguards

Credential Sharing is NOT allowed

While we understand the convenience of allowing the access and integration of your data to third-party sites, ADP does not authorize sharing credentials (e.g., username and password) with any third-party without ADP’s prior consent. Credential sharing puts your data and ADP’s system at risk as well.

A few critical steps you may take to protect your information (both personally and for business purposes provided the proper approvals/consent has been provided) include:

  • Review third-party sites and apps, which may have access to your or your employees’ ADP credentials to ensure it makes sense for those third parties to have access
  • Determine if you want to continue sharing your data with those third-party sites. If you are no longer working with the third-party, change your password so they no longer have access to your data.
  • On a personal level, freeze your credit with the credit bureaus (U.S. only) so no one can take credit out in your name in case your personal data was stolen
  • Stay alert and regularly monitor your accounts for any unusual activity

We feel strongly that obtaining information from ADP systems needs to be through a defined and agreed upon arrangement between the third-party and ADP that leverages an ADP-approved mechanism such as application programming interfaces (APIs) to ensure proper use of the data and meet our necessary security protocols to keep your data safe.

What is ADP doing to protect your data?

As a policy, we do not authorize sharing credentials with anyone without ADP’s prior written consent. We have continuous monitoring in place as part of our safeguards to secure your information. From a data protection standpoint, we also employ industry-leading protections including multi-factor authentication, federated identity capabilities (e.g., global policies around authentication), session controls that force PC log outs due to inactivity, and bot mitigations to distinguish between human and bots so bot activity can be blocked/prevented.  

Security is an integral part of our products, business processes, and infrastructure at ADP, and we will continue to prioritize and enhance how we safeguard your data.