Human resources professionals are charged with collecting – and storing – a wealth of information about employees. From maiden names to social security numbers – and just about everything in between – they are entrusted with the type of information that could certainly catch a pretty penny on the black market.
Most data breaches are from within a company, according to reports. Human error, such as a lost device or misplaced papers caused a data breach, according to 47 percent of business leaders polled in an industry report. Data breaches cost companies millions of dollars.
Keeping this type of data safe is a major priority – and one that falls squarely on the shoulders of most HR pros. Do you know how secure the company data is? Below we outline some steps human resources need to take to safeguard your employee’s information.
Get It and Forget It
When it comes to collecting data on your employees, get only what you need to meet the objectives of your department or business. Collecting extraneous information for the sake of having a full picture is unnecessary and puts your employees at risk for a seriously damaging data breach.
Shred It and Forget It
Keeping records on employees is one thing, keeping paper records is a whole other one – and one that really swings open the doors to a world of liability. The first step is to develop a records retention policy that explicitly states how long certain documents must be kept, followed by a massive purge of anything that is outdated, with a particular focus on clearing out lingering data that you have on terminated employees and contractors. For everyone’s protection, ensure data is safely disposed of with a professional secure shredding company.
Once you develop a system for keeping appropriate employee data, think very carefully about who needs to have access to the information. The simple answer to this question is to restrict it to as few people as possible with password protection, encryption or select server access. Think essential personnel only. Sure, someone in another department might need an occasional odd bit of data, but rather than give them access to the whole enchilada, instead agree to be the one that plays fetch when they make a request. Is it a time saver? No, but it will ensure the continued security of your information.
Keep It Off Site
We’ve already told you about the perils of keeping paper records any longer than is totally necessary, but let’s talk about keeping them on-site at all. If you are keeping them in your office, where is this data stored? Is it in a filing cabinet out in the open – which is super common, but an obvious no-no, or do you keep it in someone’s office? Unless said office door is locked at all times – or has a lock feature and one responsible key owner – your data could still be at risk.
Know Who You Outsource To
Outsourcing to a data housing company or cloud-based services is – on the surface – a great option, but does the service you are using adhere to security policies and procedures that align with your company needs? Are they up-to-date on how to best safeguard your data?
Make a Plan
While you can take steps and cross your fingers that a data breach will never occur, you should still have a plan in place for what would happen if you did experience a data theft or breach. Know who you need to contact, how you will tell your employees, and what steps you will need to take to ameliorate the issue.
A well-thought-out plan to securing employee data will go a long way in protecting the business and them.