3 Things Every HR Professional Should Know About Data & Privacy
As our HR departments become increasingly reliant on technology, how data is collected and stored has become a great concern. Whereas we once only needed to worry about damage or break-ins to a physical office, the world has become our digital office and our records can go everywhere. While this simplifies our lives in many ways, we have new risks to address as well.
1. Your Biggest Risks Aren’t What You Think They Are
Most professionals shudder at the thought of a data breach, and indeed, these have brought down quite a few mighty companies as of late. However, a whopping 63% of data breaches involve using stolen, weak, or default passwords, per data from Verizon.
“You might say our findings boil down to one common theme -- the human element,” says Bryan Sartin, Verizon Enterprise Solutions Executive Director of Global Security Services. “Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now.”
In addition, phishing remains a top concern. The term refers to sending a fraudulent email that looks like it’s from a legitimate source but comes with ill intent. For example, it may appear to be a note from a boss saying he needs sensitive reports emailed to him, or it could look like it’s from a bank requesting that the individual click to log in. About 30% of people open phishing messages and 13% open the attachment or click a link. People losing their devices, such as laptops and phones, also ranks high, as does erroneously sending information to the wrong person.
Employee training and awareness of these issues can help mitigate the risks.
2. Your Employees Have a Right to Know What You’re Collecting and Why
The newly-minted General Data Protection Regulation (GDPR) may only impact you if you have employees in the UK, but even if it doesn’t apply to you, it still offers sage guidelines. For example, employees have a right to know what kind of data you’re collecting about them, as well as why it’s being collected and how you plan to use it. You can learn more about adopting the framework here in the US through the government website PrivacyShield.gov.
If your company does not already have a policy in place that explains what data is collected and asks the employee for permission to collect it, it’s worthwhile to implement one for the sake of transparency.
3. Your Data is Only as Secure as Your Third-Party Programs Are
Companies spend a lot of time protecting consumer information, such as credit card numbers and social security numbers, but they rarely examine HR to make sure their employees are getting the same level of protection. As big data grows, HR departments are incorporating a myriad of third-party programs to fulfill their duties, which can include very sensitive data. Unfortunately, software is only as secure as a company makes it, and vulnerabilities exist in most. This is why reputable companies hire hackers to intentionally break into their products: so they can find those vulnerabilities and correct them before release or as patches.
Before you trust an entity with your data, make sure they can answer hard questions about their security protocols and have a good reputation.