Are You Vigilant About Protecting Employee Data?

In this era of high-profile cyberattacks and rampant databreaches, it behooves companies to take a closer look at how they areaddressing data privacy and security. For the safety of workers and theirenterprises, it is crucial that organizations today are vigilant about protectingemployee data.

“The recent Facebook and Cambridge Analytica news storieshave helped to uncover business practices related to data use that range fromcavalier to outright irresponsible,” writes Ellen D. Wagner in PuttingData to Work, a recently published Guild Research report. “Thesestories have spotlighted the need for tighter oversight and regulation of datause and reflected greater concern for data privacy.”

Although various state and federal agencies—most notably theUS Federal Trade Commission and the Federal Communications Commission—providedata oversight, companies must also assume responsibility.

What sort of data should be protected?

Companies tend to amass a great deal of information aboutemployees. Some of it, such as the fact that a worker completed on onlinesexual harassment training course, may appear benign. However, stringentright-to-privacy laws protect employees. For this reason, all employee-related datashould be kept confidential.

Storage is also a concern. Data is vulnerable, whether it isstored in a locked file cabinet or retained electronically in the cloud. Whateversystem your organization uses, take precautions to make sure the data is secure.

Here are some categories of employee data that may be onfile that should be protected:

Hiring records, including applicant-trackinginformation, resumes, and offer letters;

Background-checkinformation, such as drivers’ license numbers, passport numbers, I-9 workereligibility forms, credit reports, driving records, criminal history reports, anddrug test results;

Personal data,such as employees’ names, addresses, phone numbers, social security numbers, medicaldetails, and emergency contact information;

Benefits information,including payroll and timesheet records, benefit enrollment forms, employeestatus changes, and employee vacation-tracking;

Employment records,such as titles, pay grades, positions, W-4’s and tax records, performanceappraisals, career development plans, disciplinary actions, attendance and PTOtracking, training records, certifications, and licenses;

Internal companyinformation, including employee handbooks, emergency evacuation procedures,safety guidelines, and catastrophe response plans.

Guidelines for protecting employee data

Although the information technology (IT) department can (andshould) establish firewalls to secure sensitive information, protectingemployee data often requires the collaboration of human resources (HR) andlearning and development (L&D). For example: HR can monitor networks forbreaches and use predictive analytics to track and respond to potential threats,while L&D can provide training to educate employees on the importance ofprotecting data.

In a poston talentculture.com, Meghan Biro offers some practical suggestionsfor protecting employee data:

• Setstrong, unique passwords. Advise employees to create robust passwords for allwork-related programs and applications.
• ProhibitWi-Fi use on unsecured networks. Many telecommuters work from publicplaces and business travelers may use unsecured hotel Wi-Fi networks. Suchpractices are risky. Consider equipping employees who work offsite with securedmobile hotspot devices.
• Keeptrack of devices. Warn employees not to leave their devices unattended, as hackerscan quickly install ransomware that can memorize keystrokes and/or stealpasswords.
• Addresslost or stolen mobile devices immediately. Require employees to reportlost or stolen devices, and quickly deploy software that can remotely wipe datafrom them.
• Leveragetechnology. Take advantage of predictiveanalytics, which can immediately recognize and respond to anomaliesin network traffic.

Some final tips

Employee data can be stolen or compromised from both insideand outside an organization. Inside theft is particularly insidious. Forbes.comoffers some tips to help prevent the internal theft of employee data:

• When hiring new employees, conduct thoroughbackground checks and screen for desirable behaviors.
• Use an identity management system to record andpattern employees’ access by role.
• When onboarding, provide training about thecompany’s policy regarding the treatment of confidential data. Include details aboutthe handling of sensitive information as part of mandatory compliance training.
• A study found that one-third of US and UK officeworkers still have access to their former company’s data and systems afterleaving their jobs. When an employee leaves, deactivate access privileges afteroffboarding.

Learn more about data

Organizations of all sizes understand that protecting employeedata is of vital importance in today’s world. They need to be aware of what data is being stored aboutemployees, as well as how and where it is stored.

Learn more about data and how to effectivelyleverage it at The eLearning Guild’s Data& Analytics Summit, scheduled for August 22 & 23, 2018.