Controlling Access To New Hire Data
Workforce.com has a very interesting series of articles available about data breaches in HR. When employees’ personal information is compromised and ID theft occurs as a result, it is not unusual for employers to be held accountable in several very unpleasant ways. The affected workers may sue, the FTC may investigate and find the company in violation of data privacy laws, and the media has a field day. On top of this, even those employees whose data was not compromised will begin questioning how much they can really trust HR.
Why and How Are Breaches Occurring?
These disasters can occur as the result of a single mistake or poor decision that leaves data vulnerable to exploitation. However, an HR data breach is also likely to happen due to a systematic failure to provide adequate security or to develop and follow intelligent protocols in data handling. Take a look at this list of 12 companies that were spotlighted in the media in 2005 for their inability to keep worker information safe. Most of the data breaches were the result of equipment theft (laptops, etc.).
With today’s technology, there’s no reason for the sensitive data on a laptop to be left unencrypted. Theft happens, but that doesn’t automatically mean a criminal should be able to easily access private employee information. Especially with HR data, IT should have procedures and software solutions in place to secure any data that absolutely must be stored on laptops. HR employees must also be trained not to download sensitive data without appropriate authorization onto any device that could be stolen. If an HR staff member takes a laptop off site, they should treat it as if it were full of gold bullion, because employee data is a real goldmine to identity thieves.
Other data breaches on the 2005 list are the result of unauthorized access or stolen passwords. There are a couple of ways to cut down on these risks. Segregating sensitive data (such as Social Security numbers and the bank account numbers used for direct deposit) is one partial solution. Whether in paper or electronic form, this information should be restricted to the smallest subset of individuals possible. For example, if IT is testing its intranet site and needs to grab a test file to post on a page, it should never be possible to accidentally post a file containing employee information.
To reduce the incidence of password theft, using single sign-on technology is a common-sense precaution. When HR employees have only one password to remember, they can be more easily trained not to write it down anywhere.
Protect New Hire Data
Since most sensitive worker data is first collected during the onboarding stage of employment, security is especially critical during this phase. Emerald Software Group promotes the use of single sign-on applications and securely hosts data following industry best practices for employee data handling. We also work with each client’s IT and HR departments to ensure new hire data is fully protected. Workers’ private information is restricted to authorized HR employees, and every instance of access is tracked and logged. Learn more about our Universal Onboarding solution here.