Data is a vital part of human resources departments. Information about applicants, candidates and employees. These data include addresses, health information and social security numbers. HR also has information about background screening and data from criminal/credit background checks. They also have information about vendors, both past and present. HR also has data about benefits, jobs, and salaries. Some data can be accessed online, while others are printed on good-quality paper.
To protect customer data over the years, many organizations have developed measures to ensure data security and to take appropriate actions if data is lost or stolen.
HR seems to have always taken data seriously. It’s time to go further. HR departments need to adopt a marketing-like approach to their data. These are some things to remember.
Confidentiality is still important. In a sentence, HR and confidentiality are often used together. There’s nothing wrong with that. This is our chance to use our goal of keeping employee information confidential as the basis for updating policies and procedures.
The HR department must assess the data risk. It is time for organizations to internal assess the risk they are taking in relation to HR-related data. Many companies want to tell you, “That won’t happen to us.” But does that risk sound right?
A data breach policy should be in place. This policy is not something I want to write about. We don’t want the hurricane procedures or what to do if an executive commits an illegal act. We have to. Once the procedure has been completed, you can relax knowing something is done. We may never need it.
Request vendors to share and create their policies. This conversation does not only apply to human resources departments within the company. Businesses that offer HR products and services must consider data security protocols. These conversations must be addressed at the front end. It should be part of your initial pitch. “We respect your employees’ data.” This is what we do to keep it safe.
Make a plan for missing files. Companies should have a procedure for missing employee files. I can’t recall having such a policy in my previous corporate roles. However, I didn’t work in a place where people moved around a lot. Workplaces today are more mobile. This means that files are also more mobile. This may make it more likely that a file or piece of data is lost.
It’s more than just employee files. Transparency is not just a catchy phrase. Transparency can help candidates get the job. Transparency can make freelancers stand out from the rest. Vendors also understand the importance of transparency in securing a contract. Not only must HR departments be sensitive to data about employees, but also non-employee information.
Communicate your policy. Once the company has a plan, let others know. The company informs customers about how their data is protected from a marketing perspective. Discuss with your legal counsel how you can share information about employee and applicant data security. What should the company tell employees during the onboarding process?
HR might be able to take some cues from marketing and accounting regarding data security and policies. This is a great thing. It is important to recognize that HR information is highly sensitive and should be treated with the same security precautions as the rest of the company’s data.