Now more than ever, it is crucial to ensure your Work Opportunity Tax Credit (WOTC) vendors use both your personal information and your candidate information only for the purpose of processing WOTC. There are many vendors that have other services that they offer such as credit bureaus, payroll services, etc. You must take specific steps to protect your data and ensure that they aren’t being used without your knowledge.

The WOTC program involves sensitive information, so it’s essential to establish clear guidelines and safeguards. Here’s how you can help ensure your WOTC vendors use your information appropriately:

#1 Select Reputable Vendors: Choose WOTC vendors that have a proven track record of handling sensitive data securely and have a good reputation in the industry. Look for vendors with appropriate certifications and compliance with data protection regulations. Also vendors who only do WOTC and other employment based tax incentives are the better choice since you know that aren’t using your information for other purposes without your knowledge.

#2 Signed Confidentiality Agreements: Before sharing any sensitive data, require your WOTC vendors to sign confidentiality or non-disclosure agreements. These agreements legally bind the vendors to keep your data confidential and only use it for the specific purpose you’ve outlined.

#3 Limit Data Sharing: Share only the minimum amount of data necessary for processing the WOTC program. Avoid providing additional unnecessary information that is not directly related to the program.

#4 Data Encryption and Security Measures: Ensure that your WOTC vendors use robust data encryption techniques when transmitting and storing your information. Inquire about the security measures they have in place to protect data from unauthorized access.

#5 Regular Audits and Reviews: Conduct periodic audits and reviews of your WOTC vendors to ensure they are complying with the agreed-upon terms and protecting your data as required. Review their data protection policies and practices.

#6 Clear Data Retention Policies: Establish clear data retention policies with your vendors. Specify how long they can retain your data and require them to delete or securely dispose of the data after the required retention period.

#7 Monitor Data Access: Restrict access to sensitive data only to authorized personnel within the WOTC vendor organization. Implement monitoring and access controls to prevent unauthorized access.

#8 Data Breach Response Plan: Ensure your WOTC vendors have a well-defined data breach response plan in place. This plan should outline how they will handle and notify you in the event of a data breach.

#9 Review Privacy Policies: Carefully review the privacy policies of your WOTC vendors to understand how they handle data and ensure they align with your data protection requirements.

#10 Stay Informed about Regulations: Stay informed about data protection regulations and compliance requirements relevant to your industry and location. Ensure that your WOTC vendors are also compliant with these regulations.

#11 Open Communication: Maintain open communication with your WOTC vendors. Discuss your data protection expectations and address any concerns you may have.


Remember that protecting data is a shared responsibility between you and your WOTC vendors. By being proactive and implementing these measures, you can help ensure that your information is used appropriately and securely for the WOTC program only.