IT owns the pipes. HR decides what flows through them

Published

Image Placeholder

A new hire's first email goes out with a placeholder title, or with someone else's old job title still sitting in the field. It's a small thing next to everything else involved in onboarding someone. It's also the kind of detail that quietly tells the new employee, and everyone who reads that email after them, whether the organization behind it has its act together.

Most of the time, nobody forgot to update anything. Nobody owns the pipeline the data runs through, and that's a harder problem to fix than a single missed request. Karl Bagci, Exclaimer's Director of IT and Information Security, and Sharon Handy, Director of People Experience, made that case in a recent webinar, alongside a smaller example from inside the company itself: employee photos got added to signatures as a nice touch, with nobody circling back to ask for explicit consent to use those photos externally. A photo is personal data. The fix was a one-field opt-in, but the miss is the more useful part of the story. Even a team whose job is signature governance needs a system to catch what good intentions alone won't.

Their shared argument: treat an email signature as a data problem, and the data splits between two owners depending on which part you're looking at.

The plumbing and the water

Karl's own framing was the clearest thing said in an hour of conversation: IT sets out the plumbing, meaning the platform and the rules that govern it. Whoever already owns a piece of data owns what flows through that plumbing. At Exclaimer, that means HR maintains job titles and reporting lines, because that's where the data lives regardless of what a signature tool decides to do with it.

Role-based access controls let IT delegate specific fields to specific teams without giving up governance of the platform itself. HR can update a job title without opening a ticket. Marketing can own brand accuracy in the signature without touching the underlying employee data. Audit logs do the other half of the job: every change gets recorded, so when a compliance question comes up, there's a written answer instead of someone's memory of who asked for what.

The model shifts work rather than creating more of it. Fewer changes need IT's direct attention, and each team handles the piece it already understood better than IT ever could. Making this work is mostly a matter of agreeing, once, on which fields belong to which team. Reporting lines don't need to change for that agreement to hold.

Where the split shows up first

The next two moments look like HR's problems from an IT seat, but the ownership split is exactly what determines whether IT ever hears about them at all. Sharon, who supports more than 300 employees across 14 countries, described the mechanics behind the opening example above: when HR data connects directly to the signature platform, a new employee's first sent email already carries the right name and title, pulled straight from the HR system instead of typed in by hand somewhere along the way. When that connection doesn't exist, someone has to remember to make the change manually, which is where the placeholder and the outdated job title come from.

A name or pronoun change is harder to catch manually than a routine title update, and Sharon said it's also one of the most personally important things to get right. A process with too many steps for a pronoun update means people either skip it or feel awkward asking. Fixing that just means the field updates itself the moment HR confirms it, so nobody has to file a request at all.

Karl draws the autonomy line in a way that makes this workable. The organization keeps control of the brand and legal side, things like disclaimers and contact details. Employees stay free to manage their own pronouns or a LinkedIn URL. Free text fields don't get that same latitude, since that's where a typo turns into something worse.

What automation actually removes

Before the HR system connected as a source of truth, every employee change meant a ticket somewhere: an email to a manager, sometimes a request to IT, sometimes just an employee editing their own signature and getting it wrong. Individually cheap. Cumulatively, in Karl's account, it added up to a meaningful chunk of an IT team's time spent on work that added no value.

Once the connection exists, that changes. A promotion updates a title without anyone touching a form. Move departments, and the team name updates the same way. Leave the company, and the signature retires the moment access does, so nobody's left sending mail under a departed employee's name months later. The role shift for IT matters as much as the time saved: instead of actioning individual changes, the team maintains the platform and the rules, and that's the whole job. Audit logs pick up the record-keeping that used to live in ticket histories, the only paper trail left once the manual requests stop coming in.

Growth and M&A test the model

Multi-entity organizations are where the ownership split earns its keep or falls apart. Karl called this a governance question first and a technical one second: when an employee sends on behalf of multiple entities, is it clear which one applies at any given moment, and is that clarity strong enough to avoid a contractual or regulatory problem if it's wrong.

Sharon connected this straight to mergers and acquisitions. Two organizations rarely arrive with matching systems, and what's underneath rarely matches either: different HR platforms, job titles that mean different things from one company to the next, data that doesn't share a format. Reconciling that into one signature is exactly where a single, normalized source of truth pays for itself. Once both organizations move onto a unified HRIS, the signature follows without anyone having to force it.

How Exclaimer's cloud solution supports this

What Karl and Sharon described maps to specific parts of the platform, not a general philosophy. HRIS and directory integrations connect Workday, UKG Ready, BambooHR, Microsoft Entra ID, and Google Directory as a read-only source of truth, so data flows into signatures without IT or HR writing anything back. Role-based access controls let HR and marketing manage their own fields directly while IT retains ownership of the platform and rules. For the multi-entity and M&A scenarios above specifically, Brand Kits centralize a brand's visual assets and legal disclaimers per subsidiary.

Exclaimer is trusted by more than 9 million users across 80,000+ organizations worldwide, including Sony, Mattel, Bank of America, NBC, the Government of Canada, the BBC, and the Academy Awards.

The takeaway

The photo consent gap Karl described is what happens any time the plumbing works but nobody has decided, on purpose, who controls what flows through it. That decision is worth making deliberately, before a merger or an org chart makes it for you. Connect the data once. Let automation carry the rest of the employee lifecycle. Do that, and the team managing it professionally stops finding gaps of its own making.

Watch the webinar on demand to hear Karl and Sharon walk through the full model, including the multi-entity governance discussion from the Q&A.