We’re almost done with our look at the 10 Generally Accepted Privacy Principles and how they relate to HR. This next principle is very important for all HR transactions whether you’re using a paper based system or a fully virtual one.
Security for Privacy
Without adequate security, any sense of privacy is an illusion. Data can easily be lost, misused, exposed, or destroyed unless it is properly protected. The GAPP security principle covers physical, organizational, administrative, and technological safeguards. The level of security should be matched to the level of sensitivity of the information collected. In the United States, health information is considered to be some of the most private data – closely followed by financial information. Both types of data may be stored in a typical HR system. This means best practices dictate that HR should have some of the highest levels of security for personnel data.
Examples of Security Measures
An employer’s procedures for HR privacy might include physical measures such as housing HR in area that can only be accessed with a swipe card or RFID badge programmed with the appropriate permissions. Administrative procedures might include having an approval process in place for handling any requests for access to restricted data. A company should also have a backup plan including data storage off site for recovery in the event of a catastrophic event like a fire or natural disaster.
All electronic and physical modes of data transmission as well as the data itself must be protected from unauthorized access or accidental exposure. There’s a lot to think about. It’s not a bad idea to have a consultant review your HR security systems and protocols to identify weak spots. Then, plan and carry out annual testing as advised to ensure that everything is still working correctly.
Onboarding is a Critical Juncture
Typically, all of the information a criminal would need to steal someone’s identity is collected by HR during the onboarding process. This means taking care in how this data is handled is imperative for the privacy of your new hires. With Universal Onboarding, you can rest assured that our SaaS security strategy is well conceived and properly executed. This includes everything from the physical protection of our data facilities and servers to the encryption used to safeguard data as it is transmitted over the web. We’re happy to work with your IT department to review each aspect of our security policies and procedures so you can verify that there are no gaps.