Skip to main content

Data Protection in the Age of AI and Reputational Damage of Data Leaks

Screenshot 2024 04 16 At 9.09.46 AM

By Oleg D., Distinguished Engineer   

In the 1987 film Spaceballs, there's a great line when they learn the combination of Planet Druidia, "So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life!" Now, you don't have to be a space traveler or security expert to know the importance of protecting data.  

man wearing glasses in front of a train

From the inception of the "e" platform in the Innovation Labs, our team wants to re-imagine what it means to protect the most sensitive data our users share with ADP. "Roll by ADP," an HCM and payroll app for small businesses, is built on top of the "e" platform and illustrates our philosophy. Through an artificial intelligence-backed conversational interface, busy entrepreneurs can effortlessly complete payroll in less than a minute on their devices.

Sensitive Data is any data classified as "Sensitive Personal Information," including data fields such as government identifiers, like passport or driver’s license number, and personal banking like your checking account. When we protect data, it’s in a format that cannot be used by any unauthorized person who might gain access to the System of Record (SOR) database.

We can use a couple methods of protection such as encryption or tokenization. Encryption converts the data into an unreadable format for security purposes, while tokenization replaces data with unrelated tokens. Deciding which method to use for data protection depends on how you need to query or report on the data.

The data protection mechanism must be deterministic to facilitate an exact match style of querying - meaning that the same piece of sensitive data can be protected multiple times, resulting in the same protected value. For example, suppose the user entered their social security number (SSN) as "123-45-6789". In its protected form, this SSN looks like "abc-de-fghi". To find this record by SSN value, we must again protect the search query for "123-45-6789" and produce the same token stored in the database. The determinism requirement makes sure engineers take a comprehensive approach to data protection.  

At ADP, we aim to protect the data as soon as the user enters their sensitive information. The protected data is masked in the UX and unmasked only for authorized users. Once protected, data can safely flow through the system and eventually be saved at its destination and encrypted at rest. 

typing on a laptop

When determining protection method, our team asks what’s more beneficial while carefully examining the costs against features. We chose a strategy to balance the requirement for determinism and the concept of least-privilege access to sensitive data. In other words, our data protection approach involves layers of protection.

Though all AI providers, such as OpenAI, Microsoft, and others, have enterprise agreements with clients, we are extra cautious with client data. We redact personal information from every prompt and replace it with a protected token. Our decision to embed data tokenization into our business application platform has proven successful. As a takeaway, I encourage technologists to examine how we use sensitive information in our applications. We will continue looking for opportunities to innovate and collaborate for the benefit of our clients.

Oleg is an ADP Distinguished Engineer and a Chief Architect at Roseland Innovation Labs. He has over 25 years of experience, including academia, consulting, R&D labs, fintech, and tech startups. Oleg has been building cloud-native systems for the past twelve years. Oleg joined ADP in 2016 and foresees products in security, GraphQL APIs, cloud architecture, and fraud prevention while improving developer productivity. In his spare time, Oleg is a cycling enthusiast who also enjoys writing about technology and career development in software engineering.  

Interested in a tech career at ADP?          

Click here to search for your next move and visit Who We Hire 

Related Articles