Is Your Company Serious About Protecting Employee Data?
With EU GDPR coming into force to protect consumer privacy and data, there is a need for a similar
regulatory framework to protect employee data. Organizations are unfettered when it comes to
collecting employee data. Given the rising number of consumer and employee data breaches, it is high
time that organizations put in a conscious effort to protect employee data.
Employee privacy cannot be sacrificed to satisfy an organization’s growing need for data. Not only that,
intelligence on pay scale, performance appraisals, and other data is a prime target that competitors use
for poaching your employees. Therefore, it is important to look at all aspects of digital curation, right
from the point where data is collected, to what data is collected, to where it is deployed, and to how
safely it is deployed. The trend in off-shoring organizations’ data requirements has added many layers of
complications and created a lasting trust deficit. In fact, many organizations do not know where all their
employee data is stored. According to a recent Forrester study, only 41% of 150 organizations knew
where their employee data was located.
Here is a list of actions that diligent organizations take to ensure the privacy and protection of employee
Policy on data collection: Specific policy measures assist HR teams while collecting and working on
data points. The policy should clearly draw the line on where an employer’s ownership of the data
begins and ends. It should also specify the remedial measures, standard operating procedures and
escalation procedures among other things. Employees often are trusting and zealous when sharing
personal data with the employer. Today, as HR becomes more data-, analytics-, and tech-driven, it is
important to have a framework in place to monitor transgressions and lapses.
Educating employees on privacy and security: Written consent, disclosure consent, and review consent
are some of the rights that the government has bestowed on employees. Every employee should be
educated about their rights when disclosing information and the employer’s liability to protect the
same. Also, staff should know that the company monitors all communications and files for data security
Organization-wide encryption: It is the organization’s responsibility to ensure that data security
solutions are tamper-proof and effective at all times. Given the number of devices and endpoints within
an organization, data protection becomes a gargantuan task. There are numerous encryption
deployments doing the rounds in the market. Organizations should choose a solution that is easy to use,
flexible and intuitive.
Security audits: One way of ensuring that sensitive data is treated with care is to put in place a
mechanism that permits security audits by third parties. Such audits should happen on a need basis, and
reports should be generated regularly.
Transparency: Organizations should realize that being compliant and transparent would help in
improving trust and security for employees and the business alike. It creates better relationships all around.
By ensuring that data is processed legally and deleted as soon as it is not needed, businesses can build
trust within the staff community. For instance, an organization could take personal details when hiring
staff; however, the details should pertain only to the hiring process and employee management. The
details will have to be deleted once an employee leaves the company. In fact, it is this level of
transparency that augurs well for both employees and business.

