Let’s Talk About Pay. Anonymously.
WELCOME to part two of “Let’s Talk About Pay”: a series of blogs written to introduce you to Sliips, and the why and how of building a free tool that allows everyone to understand their salary and if they are being treated fairly. You can find part one here, where we looked at why we are using your payslip as salary verification, and the benefits of doing so: accuracy.
Now we are going to look at how we protect your identity when we request such a sensitive document. This is all about how we keep you anonymous when using Sliips. It’s not overly complicated, but it does get a little technical as we go into detail. To help you work out which level of detail you’d like to read about, we’ve made a scale for this blog based on some of our most-loved literary characters you may have heard of: Harry Potter and friends!
So, jumping in to it!
Your anonymity is essential to how Sliips works as both a tool and a company. We spend a lot of time thinking about how to protect it, and these fall into two main categories…
1. Preventing anybody from being able to work out that you have used Sliips, from our tool (for example, when looking at the graphs on the analytics dashboard)
This aspect is entirely under our control and is one of the most obvious places where you wouldn’t want to be identifiable. For instance, if you are the only person at your company earning £43,330.56 a year, we cannot let this salary to be seen at that level of detail. Anyone from HR at your company would clearly be able to tell who had submitted a payslip to us. We’ll explain how we deal with this in the Harry Potter section.
2. Preventing anybody from being able to work out that you have used Sliips, from outside our tool (for example, through statistics gathered by third party entities such as Google)
This becomes a three-way relationship between us, you and third parties like your e-mail provider, and potentially Google and others. Some of this is under our control and some isn’t. We cover this in more detail under Hermione and Dumbledore.
Now we understand the problem a bit better, let’s look at some solutions!
You’re a wizard, Harry!
The solution to how we keep data secure starts with the data we ask from you. The key point here is:
Stopping information at source.
We actually want as little information from you as possible. We don’t even want to know your name! Our functionality allows you to easily scrub out sensitive information from your payslip (name, national insurance number, etc) in your browser before you even send it to us. We only receive the redacted version and as soon as we note the date, company name and basic salary number, we delete that image. Any piece of information we can avoid receiving, we avoid it. Not only do we hope it makes you more comfortable, but we also spend a lot of time ensuring we meet Data Protection requirements, and every bit of data we can avoid is work reduced!
We do ask you some other questions to help us give you more useful information on your dashboard, such as job title or age. We do, however, keep these as high-level as possible, for example only asking month and year of birth (not day), which allows us to keep a level of ambiguity in our data before we even present it.
So once we have collected as little information as possible as high-level as we can (while still being able to give you something useful) we start thinking about how to present it.
First of all, we have developed a bespoke solution to only present contextualised approximations of salaries. This means that if you have a unique salary in your organisation, like £43,330.56 — you do not need to worry about it being identified by anyone else looking at the site. You will see your salary on your personal profile, but for anyone else looking at salary information for a company, they will never see exact salaries that have been submitted by individuals like you.
We also do not present any information until we have a certain number of data points in it. This number varies depending on context, but basically means there is no way an individual can be identified even with every filter (like gender, age, ethnicity) applied. If you are the only 28 year old Asian female in your company, you will not show up in a graph with those filters applied.
Now that we’ve covered how we protect your identity on our platform, let’s look at where things get a bit more complex…
This section is all about other people, and what you tell them about Sliips. This is the other way someone (or anyone) could find out you that you use Sliips, outlined in Neville’s section:
2. Preventing anybody from telling you use Sliips outside our tool (i.e. you could tell them, Google knows everything, etc)
Simply put, this is preventing anybody you are not comfortable with from telling that you use Sliips.
The simplest example where someone can find out you use Sliips is if you tell them. You may have colleagues or friends that you want to tell about Sliips: this really is up to you and we have no involvement in that conversation! Ultimately it is down to your discretion, but we would encourage you to think carefully about your situation and who you feel comfortable about knowing you use Sliips, and who you do not.
This gets a bit more complicated when considering our referral system. The idea is that we reward you for referring people by giving you points to spend on our platform. This helps us to find more users, which in turn allows us to give a broader range of data to you. We are clearly involved in the referral and we have made a promise to all of our users that we will protect their identity. We soon realised there was some complication here, as you may refer someone who wants to stay anonymous but if you received points when they signed up, you would know that the person you invited was now on Sliips, even if they didn’t want you to!
We have built the referral system to give everyone the choice to refer and sign up anonymously, while maximising the opportunity to earn points for referring. We give you a choice to refer anonymously or not, and a choice to the person you referred to sign up anonymously (meaning you don’t receive any points) or not (where you would earn points).
A tip if you want to earn points: don’t send referrals anonymously, the person signing up on the other end won’t know who the referral was from so are more likely to sign up anonymously in return.
We hope that all makes sense. Now to move on to the most complicated section, where Dumbledore will guide us through the magical world of APIs, integrations and more…
This is where things go beyond us, you and the people you tell about Sliips, to everything along the way that you need to use to use our service.
This is things like your Internet Service Provider, your email provider and which browser you use. Unfortunately there is not a lot we can do to control any of this. Our advice is to make sure you use the email and browser you are most comfortable with for your private information, for Sliips and beyond! We also advise using a personal email address to sign up to Sliips, rather than a work email.
Where we do have more control is in what tools we use to run our service. A common component that many websites use is Google Analytics, an industry leading tool that can give websites data about who is using their site and when among other things. Now a company like Google aren’t going to take your salary data directly, but what we don’t know with 100% certainty is what they would do with the information that you have visited Sliips, when you logged in and for how long, for example.
Edit Note 30/01/2017 — we have now switched to Google Analytics after 6 months on this custom solution. This is because it was a huge burden, and user feedback suggested the vast majority did not mind if we switched. You can read more about the details of this change here and we suggest using Ghostery if you want to prevent big internet company tracking.
Third parties like Google are also likely to know more details about you than we do, and could connect that information to where you live, your name and quite a lot more.
This lack of transparency has led us to a fundamental design principle in how we have built Sliips: we do not use any third party services that could identify you. Often this means we have to build our own alternatives: this is work we are happy to do and want you to know about!
Finally, integrations like “Sign in with LinkedIn” are things we have been asked about often, but currently do not offer as we are not comfortable with the level of access we could receive. We really don’t want to take any information we don’t need (like the payslip details!); however if in future people still want this functionality we will look at how we could implement it. Rest assured that it would be done according to the same principles that have guided all our other decisions. This often gives us more work to do, but that is a price we are willing to pay to build this tool right.
Chocolate Frog Conclusion
Well done for getting this far if you have read all the way through! If you have skipped to this point, we understand. To summarise and conclude:
The problem of anonymity has two parts, one is our tool itself (how graphs and your information is presented) and the other is everything outside of the tool (who you tell about, or refer to Sliips).
For the first part, we have spent a lot of time ensuring the way we build the platform doesn’t reveal identifying data to anyone else using the tool. We ask for as little information as possible — stopping the flow of data at the source: you! We then present it carefully and have rules on how much information must be in a dataset before we can present it.
For the second part, our focus has been to give all our users a choice as to how they refer others or are referred (either anonymously or not). Unfortunately receiving rewards for referring someone would act as confirmation of someone joining the tool, so we have just made the process clear for referrer and referee as to when referring or joining is anonymous and therefore when points are applicable or not.
We have also given ourselves more work to do when actually building the website by not using standard industry tools (such as Google Analytics) which could connect your Sliips data to lots of other information they hold on you. We apply these rules and principles for any third party service and will continue to be clear about what we use and why with all of our users.
We hope that this post has given you a good understanding of how we protect your identity on Sliips, and how important it is to us. If you have any questions please get in touch at email@example.com. If you like what you’ve read, then we’d love to see you over at the beta! You can sign up at www.sliips.com.