The ADP and Zenefits Kerfuffle, Part 1: What The Hell Happened Here?

The business tech media and HR technology blogosphere erupted this week over the news about the kerfuffle between ADP, a market-leading HCM tech and service provider, and Zenefits, the fast-growing Silicon Valley startup that provides free HR software in exchange for brokering corporate benefits to businesses with fewer than 1,000 employees.


If you’re like me, it was hard at first to get a handle on what actually went down here. You can easily get overwhelmed trying to decipher the sum of ADP’s PR and very structured communication, Zenefits’ Twitter and blog hype, the B2B and tech press, and the swirling general social media commentary. I mean, when Ashton Kutcher and Jared Leto, both Zenefits investors, are tweeting about HR technology, it’s just gone too far.

The implications that this spat raises go beyond what we’re seeing in the media. It might be fun to get sucked into Zenefits’ hype, the posturing that ADP is a big mean corporation afraid of a disruptive Silicon Valley startup. That’s good spin. Who doesn’t like a good David and Goliath tale? But it just doesn’t hold water for me, based on how I know this industry works. And I work with HR tech brands that range from pre-series A to large global leaders and everything in between.

For anyone with even a modest amount of time in HR and HR technology, I think this immediately highlights some very big issues around employee data privacy and the responsibility that cloud-based vendors have when managing that sensitive information. It showcases the impact a vendor’s approach to doing business can have on its customers, not just its product or user interface. This impact is heightened when dealing with private and sensitive employee data versus data not personal to your workforce.

I’m going to try to help make sense of this spat and the resulting impact on the HR customers and the HR vendor community, starting today with a little perspective on just what the hell happened here. Next week we’ll look at some of the impact that is rippling through the industry.

So, what the hell happened here?

The issue seems to have emerged because Zenefits chose to get payroll data to and from the ADP system via an unsupported method.

Why does Zenefits need to work with ADP and other vendors like them in the first place? Zenefits provides “core HR” capabilities in its software along with its benefits brokerage services, but it lacks payroll. ADP is, among other things, a market-leading payroll provider. The company processes paychecks for a reported 1 in 6 Americans.

Zenefits' core HR software isn’t unique. Nor is the fact that it has to integrate with payroll providers in lieu of offering its own payroll capabilities. Integrating with payroll vendors is common. ADP is on the top of the list of every vendor needing to do so, given its position in the market.

Rather than integrate directly to ADP via APIs or other methods that ADP supports and certifies for myriad vendors, Zenefits chose to have its customers with ADP payroll provide a username and password to the ADP account with administrative privileges. Zenefits would then run a technical routine referred to by many as “screen scraping” to pull data from ADP.

It seems that when this process started to utilize server resources disproportionately to the number of Zenefits customers on the ADP servers (a reported lowly .25%), it flagged the issue for ADP.

The server issue has been argued by Zenefits and its supporters to be a smoke screen put up by ADP. I think it is more probable that it called the attention of some executives to the private and sensitive employee data leaving ADP via a screen scrape, and that they then realized the amount of risk ADP had in letting that go on, no matter how secure Zenefits ensured the connection was.

Payroll providers have a certain amount of liability over the fact that they are hosting your payroll and other sensitive employee data. The most sensitive bit of data is most likely the social security numbers of all employees being paid. It’s easy to understand why you want that on lockdown. You don’t want that falling into the wrong hands. But, there is also tax data, benefits data, etc. It’s private — nothing more needs to be said.

As a small-business owner trusting your payroll to a provider like ADP, you need to know that it has documented processes and protocols for how data will move to and from its system as well as vetting any vendors it partners with.

This is one of the golden rules of HR and HR technology: Protect employee data.

Just as it’s incumbent upon ADP to protect the data not just via technology but with process oversight, the vendor receiving the data, in this case Zenefits, also has a responsibility to follow the process. As a Zenefits customer, you need to know that everything is supported and certified in case something goes wrong.

In my opinion, this is not the same as giving your tax accountant or some other service provider a login to your ADP account to do their job. You, as the customer, are taking responsibility for what those people, under your hire, do with your data. This issue is murkier. You’re now treading on your license agreement with ADP, and given that there is a technology interface involved, the liability if something were to happen starts to get just as murky. When you deal with employee data, you can’t let the privacy issue get murky.

It’s hard to tell just how long the practice was going on and when ADP initially became aware of it.

Some industry perspective: Before you rush to the conclusion that ADP is reacting to Zenefits out of fear of a high-growth competitor based on the overlap between the Zenefits and ADP software products, you should know that ADP integrates with a lot of competitors, like Workday, another Silicon Valley high-growth HR technology firm that frankly looks like more of a threat to the ADP brand than Zenefits (see our HCM Vendor Brandscape Report™).

Since this news started breaking, I’ve spoken to both Dick Wolfe, the Senior Director of Corporate Communications at ADP, and Parker Conrad, the CEO of Zenefits. For the most part, both ADP and Zenefits are staying on message with what they’ve published on the matter.

ADP has posted, and updated, a timeline of events and a point-by-point counter to claims that Zenefits has made. Zenefits has been blogging about it.

I was also able to get a pulse of between 20 and 30 HR technology executives from a cross-section of both startups and established industry players at the TSC HCM industry executive mixer in New York City. Of course, the analyst and influencer community circle is abuzz with opinions, tweets, and blog posts.

After all of these conversations, this is where I ended up. Next week I’ll look at what HR technology customers and buyers need to learn from this, and the ripple impact in the industry.

(Disclosure: The Starr Conspiracy is a customer of ADP TotalSource®, and ADP has been a client of The Starr Conspiracy in the past.)