In this era of high-profile cyberattacks and rampant data breaches, it behooves companies to take a closer look at how they are addressing data privacy and security. For the safety of workers and their enterprises, it is crucial that organizations today are vigilant about protecting employee data.
“The recent Facebook and Cambridge Analytica news stories have helped to uncover business practices related to data use that range from cavalier to outright irresponsible,” writes Ellen D. Wagner in Putting Data to Work, a recently published Guild research report. “These stories have spotlighted the need for tighter oversight and regulation of data use and reflected greater concern for data privacy.”
Although various state and federal agencies—most notably the US Federal Trade Commission and the Federal Communications Commission—provide data oversight, companies must also assume responsibility.
What sort of data should be protected?
Companies tend to amass a great deal of information about employees. Some of it, such as the fact that a worker completed on online sexual harassment training course, may appear benign. However, stringent right-to-privacy laws protect employees. For this reason, all employee-related data should be kept confidential.
Storage is also a concern. Data is vulnerable, whether it is stored in a locked file cabinet or retained electronically in the cloud. Whatever system your organization uses, take precautions to make sure the data is secure.
Here are some categories of employee data that may be on file that should be protected:
Hiring records, including applicant-tracking information, resumes, and offer letters;
Background-check information, such as driver's license numbers, passport numbers, I-9 worker eligibility forms, credit reports, driving records, criminal history reports, and drug test results;
Personal data, such as employees’ names, addresses, phone numbers, social security numbers, medical details, and emergency contact information;
Benefits information, including payroll and timesheet records, benefit enrollment forms, employee status changes, and employee vacation-tracking;
Employment records, such as titles, pay grades, positions, W-4s and tax records, performance appraisals, career development plans, disciplinary actions, attendance and PTO tracking, training records, certifications, and licenses;
Internal company information, including employee handbooks, emergency evacuation procedures, safety guidelines, and catastrophe response plans.
Guidelines for protecting employee data
Although the information technology (IT) department can (and should) establish firewalls to secure sensitive information, protecting employee data often requires the collaboration of human resources (HR) and learning and development (L&D). For example: HR can monitor networks for breaches and use predictive analytics to track and respond to potential threats, while L&D can provide training to educate employees on the importance of protecting data.
In a post on talentculture.com, Meghan Biro offers some practical suggestions for protecting employee data:
- Set strong, unique passwords. Advise employees to create robust passwords for all work-related programs and applications.
- Prohibit Wi-Fi use on unsecured networks. Many telecommuters work from public places and business travelers may use unsecured hotel Wi-Fi networks. Such practices are risky. Consider equipping employees who work offsite with secured mobile hotspot devices.
- Keep track of devices. Warn employees not to leave their devices unattended, as hackers can quickly install ransomware that can memorize keystrokes and/or steal passwords.
- Address lost or stolen mobile devices immediately. Require employees to report lost or stolen devices, and quickly deploy software that can remotely wipe data from them.
- Leverage technology. Take advantage of predictive analytics, which can immediately recognize and respond to anomalies in network traffic.
Some final tips
Employee data can be stolen or compromised from both inside and outside an organization. Inside theft is particularly insidious. Forbes.com offers some tips to help prevent the internal theft of employee data:
- When hiring new employees, conduct thorough background checks and screen for desirable behaviors.
- Use an identity management system to record and pattern employees’ access by role.
- When onboarding, provide training about the company’s policy regarding the treatment of confidential data. Include details about the handling of sensitive information as part of mandatory compliance training.
- A study found that one-third of US and UK office workers still have access to their former company’s data and systems after leaving their jobs. When an employee leaves, deactivate access privileges after offboarding.
Learn more about data
Organizations of all sizes understand that protecting employee data is of vital importance in today’s world. They need to be aware of what data is being stored about employees, as well as how and where it is stored.
Learn more about data and how to effectively leverage it at The eLearning Guild’s Data & Analytics Summit, scheduled for August 22 & 23, 2018.