HR Strategies for Employee Data Protection

The role of HR in employees’ data protection

Recruiters play a strategic role in preserving personnel’s sensitive information

On a daily basis, HR professionals manage an incredible volume of confidential details of employees and potential candidates. Normally, personal information is collected by recruiters through offline/online application forms, interviews, and calls. Unfortunately, data breaches could be just around the corner, and they aren’t caused solely by external hackers; on the contrary, one of the most common violations can be generated by the so-called ‘accidental insider’: for instance, an employee who uses a colleague’s PC and starts exploring files without suitable authorization. Even if the access is unplanned and no information is shared, this is considered a data breach.

A lack of confidentiality can lead to severe legal and moral damages both for the company and for the responsible employee. It is important to remember that recruiting is not only about finding the right person for the right position: the process also implies, first and foremost, maintaining impeccable ethical conduct.

So, which are the main data items that an HR manager should safeguard in terms of data protection?

HR Responsibility for Personnel Confidential Documents

The HR division is responsible for confidential files that include:

  • Employee data – sensitive information related to compensation, job performance, personal contacts, work history and employment eligibility documentation, which often includes a copy of the employee’s Social Security card, driver’s license, passport or work authorization.
  • Medical specifics – this information is very sensitive and should be accessible only to an appointed data privacy officer, who can ‘be an existing employee or externally appointed.’
  • Staff Responsibilities – HR professionals are required to keep a high degree of discretion when dealing with information about ‘individual employees, employment actions and HR departmental issues.’
  • Remote workers – recruiters also have to prevent data loss and data violations for those working from home.

How can an HR manager prevent a data violation and protect both the company and the employee?

Due to growing cyberattacks, workers’ sensitive data needs to be protected, and human resources play a crucial role in ‘minimizing employer liability’. There are damages that are simple to quantify and others that present much more complexity. The most difficult one to evaluate is the ‘reputational damage to the business’.

For example, ‘in the UK, the average cost of a data breach has grown to nearly £2.7 million’. HR managers can counteract this kind of damage with the best strategies, which consist of the following:

  • During the onboarding process, make a list of all equipment and devices that the company gives to new employees. This will prevent any sensitive information from leaving the company when the employee decides to move to another organization.
  • All employees should receive adequate training on how to spot scams, especially because ‘when a breach or attempted breach occurs, employees who handle PII (personally identifiable information) must feel comfortable stepping up and notifying the appropriate staff. This is essential for resolving the situation, but also because employers must provide certain notices when information is compromised.’
  • Create a strong BYOD (bring-your-own-device) policy, because ‘the more mobile the device is, the easier it is for an unauthorized person to walk away with the device and any sensitive information that is stored on it.’ Employees should also have a clear written rule on how they should manage data when working remotely.
  • HR managers have the power to create a culture based on compliance and they can play an essential role in informing senior management about the significance of having specific security policies that all staff members are required to follow.

Data protection for remote workers

Due to COVID-19, the global working context is at a pivotal moment as far as remote working is concerned. Many industries and global companies have ‘rolled out mandatory work-from-home policies amid the spread of Covid-19.’ For many employees this is their first experience of remote working, and they need to be thoroughly informed, guided and supported by HR in order to guarantee maximum protection of the data they manage and receive.

What are the measures that can be implemented? Here are some of the most effective:

  • Security protection needs to be updated, including ‘device encryption, firewalls and web filtering’.
  • Inform all remote workers of the implications and consequences of a stolen or lost laptop or mobile phone. Also provide specific guidelines on how to travel safely with these devices.
  • Privacy is extremely important; especially for highly confidential projects, ask remote workers not to share confidential details regarding the company or the client. For example, ‘any phone calls or online team meetings shouldn’t be overheard, particularly if the work being discussed is business-critical or sensitive. Make sure the user is the only one who can see the screen.’
  • Keep personal data safe: ‘ensure it is in a lockable storage unit. Do not leave any paperwork in a vehicle or lying around in the home, it must be locked away securely at all times.’
