With EU GDPR coming into force to protect consumer privacy and data, there is a need for a similar regulatory framework to protect employee data. Organisations are unfettered when it comes to collecting employee data. Given the rising number of consumer and employee data breaches, it is high time that organisations put in a conscious effort to protect employee data.
Employee privacy cannot be sacrificed to satisfy an organisation’s growing need for data. Moreover, intelligence on pay scales, performance appraisals, and other data is a prime target that competitors use for poaching your employees. Therefore, it is important to look at all aspects of digital curation, right from the point where data is collected, to what data is collected, to where it is deployed, and to how safely it is deployed. The trend in off-shoring organisations’ data requirements has added many layers of complications and created a lasting trust deficit. In fact, many organisations do not know where all their employee data is stored. According to a recent Forrester study, only 41% of 150 organisations knew where their employee data was located.
Here is a list of actions that diligent organisations take to ensure the privacy and protection of employee data:
Policy on data collection: Specific policy measures assist the HR teams while collecting and working on data points. The policy should clearly draw the line on where an employer’s ownership of the data begins and ends. It should also specify the remedial measures, standard operating procedures and escalation procedures, among other things. Employees are often trusting and zealous when sharing personal data with the employer. Today, as HR becomes more data-, analytics-, and tech-driven, it is important to have a framework in place to monitor transgressions and lapses.
Educating employees on privacy and security: Written consent, disclosure consent, and review consent are some of the rights that the government has bestowed on employees. Every employee should be educated about their rights when disclosing information and the employer’s liability to protect the same. Also, staff should know that the company monitors all communications and files for data security purposes.
Organisation-wide encryption: It is the organisation’s responsibility to ensure that data security solutions are tamper-proof and effective at all times. Given the number of devices and endpoints within an organisation, data protection becomes a gargantuan task. There are numerous encryption deployments doing the rounds in the market. Organisations should choose a solution that is easy to use, flexible and intuitive.
Security audits: One way of ensuring that sensitive data is treated with care is to put in place a mechanism that permits security audits by third parties. Such audits should happen on a need basis, and reports should be generated regularly.
Transparency: Organisations should realise that being compliant and transparent helps improve trust and security for employees and the business alike. It creates better relationships all around. By ensuring that data is processed legally and deleted as soon as it is not needed, businesses can build trust within the staff community. For instance, an organisation could take personal details when hiring staff; however, the details should pertain only to the hiring process and employee management. The details will have to be deleted once an employee leaves the company. In fact, it is this level of transparency that augurs well for both employees and business.