How we manage your employee's personal information
Employers like you are rightly concerned about protecting your employees’ personally identifiable information (PII). If you use any of our services, Verifyi9 will at some point have access to your new hire’s Form I-9 or the PII commonly found on a completed form. PII on the form includes employee name, address, date of birth, Social Security number, phone number, email address, citizenship status, and signature. The form will also include the same and other PII commonly found on identification documents including passports, driver’s licenses and Social Security cards, among others.
This article explains the measures that we take to protect your employees’ personal information.
Web forms and "the Cloud"
We will receive your employees’ information via a secure form at one of our web sites. Our sites are hosted by Kinsta, a premium WordPress site host on the Google Cloud Platform. HTTPS access to web forms is forced and obsolete browsers are rejected, meaning that the data is encrypted in transit from your browser to our server via the web form.
Our sites are protected by the Cloudflare firewall, which employs active and passive measures to stop DDoS attacks and malicious intent in its tracks.
Other security measures include:
- 24/7 security monitoring with uptime checks every two minutes;
- All network partners support TLS 1.3.
- The Google Cloud Platform provides encryption at rest.
- On and off-site backups
Your employees’ PII is stored in the United States (South Carolina, specifically). Our web environment is self-contained and exclusive, meaning that we do not share space with other web sites that might be less secure or contain malicious files.
While on the secure server, the data is accessible only via a hashed URL. Files are deleted programmatically after the business purpose for which the data was collected has concluded.
We do not transmit PII by email unless requested by our client and sending PII to us by email is strongly discouraged.
Local access and storage of PII
The PII on the secure server will be accessed by Verifyi9 personnel during our various business processes. All access to PII is controlled by our Information Security Policy and various other policies (linked below). When files containing PII are downloaded to workstations, the files are deleted programmatically at the end of each work day.
Verifyi9 personnel who have access to PII must periodically pass a background check and must agree to comply with applicable policies. We do not use independent contractors in our remote I-9 process; all personnel who have access to your employee’s information are Verifyi9 employees, vetted and trained by us and subject to our data security policies.
Verifyi9 uses several third-party processors as components of our business processes including Airtable, Slack, and Google Workspaces (formerly “GSuites”). These services do not retain any of your employees’ PII except for name, email address and phone number.
Verifyi9 is committed to earning your trust in our ability to protect your employees’ sensitive information. You are invited to review our policies on the topic and we welcome your questions.
This page was last revised on 10/24/2021