It has finally happened. Someone has hacked the pay data of an organization and made the pay data of thousands of employees public. It is still unknown who attacked Sony Pictures, but the suspected hacker is the North Korean government. The biggest surprise for me is not that it happened, but that it did not happen sooner.
Hacking has become a business for some and a hobby for many others. Given this, why not hack pay data? Corporations go to great lengths to keep most of their pay information secret and as a result, it is a logical target for dissatisfied employees or just individuals who enjoy a challenge.
Although the Sony case is the first highly visible example of hackers making pay public, there probably have been earlier ones that have not been publicized. One thing is certain: There will be many more. What should corporations do? One alternative is to invest more money in cyber security and to make it increasingly difficult for individuals to hack into an organization's pay data. This will add significantly to the cost of what organizations currently spend in order to be "sure" that salary information does not get into the "wrong" hands. However, most cyber experts say that there is no certainty that it will work.
Here is an alternative: Instead of spending more time and money on keeping pay information secret, how about administering pay correctly so that there is nothing that needs to be kept secret? In other words, how about improving pay administration so that the pay of individuals is based on performance and fits the market value that they have. If pay is administered well, it becomes much less consequential if pay information is hacked. Further improving pay practices and pay administration will pay off, in terms of better attraction and retention of talent and in pay being a more effective motivator of performance.
Here is a better alternative: Improve pay administration and make pay public. While the most obvious advantage of this is that it will reduce administrative and security expenses, it can do much more. It gives an organization the ability to provide hard data that support its stated pay policies and pay philosophy. Today, individuals must have "faith" that pay is based on performance, fits the market, etc. My research shows that often individuals do not believe what companies say about how they administer pay because they do not see the data to support the rhetoric. Individuals assume the worst and organizations lose. Showing them the data changes the "trust me" into here is the proof: If you perform better, you will get a pay increase and you will get pay above the market, etc. Not only does making pay public give organizations a chance to make pay a more powerful force in organizations, it gives them a chance to support a management style of openness, business transparency, and financial accountability. Pay secrecy fits the management and business practices that were dominant in the middle of the 20th century when organizations were bureaucratic and hierarchical. It does not fit organizations that have broad scale employee involvement, business transparency, and utilize social media.