Protecting Employees’ Privacy
The upside of digital technology for business has been undeniable. It has
created a mobile work force able to connect instantly with clients
the world over. It has also streamlined record keeping, saving
companies time and money by storing data on servers instead of on
paper in filing cabinets, making information immediately accessible,
including:
Corporate intellectual property
Client lists, transactions, and credit card/payment information
Employee personnel files
Payroll records
Intellectual property and client information can
be protected through hardware and software security solutions. The
personal information kept on employees requires special handling to
ensure workers’ privacy is maintained. According to research, the
types of personal information employees most want kept private are sexual
orientation, credit reports, performance reviews, Social Security
numbers and medical/health records. However, other research has found
that insufficient corporate security is a factor in a significant
amount of identity theft.
The first step in protecting employees’ privacy
is to know what information needs protecting, so taking
an inventory of all the employee information stored on the company’s
computers is a good place to start. That includes desktops, laptops,
memory keys, external hard drives and even mobile devices.
Consolidating the information makes security easier to manage.
As with any data, there are fundamental safeguards
to use:
Keep employment records in a password-protected computer environment.
Make records accessible only to those directly involved with HR matters
Only hire temp workers from agencies that do background checks
Do not use Social Security numbers as employee IDs
On the surface, a Social Security number as an
employee ID makes sense because it’s a unique identification that
never changes. And when personnel information was kept on a piece of
paper locked in a metal filing cabinet, by and large such information
was secure. But today, because a Social Security number links many
types of records, it is the single most important piece of
information for those engaged in identity theft.
To protect your company’s network and/or
computers from unauthorized access there are several safeguards that
should be put in place:
It should also be company policy to only keep as
much personal information as necessary. For example, if a part-time
employee does not get company health insurance, there is no reason to
keep any health documentation. Many companies publish online and hard
copy employee directories. Employers should offer their workers an
opportunity to opt out of having any contact information published in
a directory.
When an employee leaves, any identifying
information that is no longer legitimately needed should be properly
destroyed. To that end, desktops and laptops should be
regularly checked to make sure there is no sensitive information
stored on them about a former employee, and personnel files should be
regularly updated.
While the issue is protecting employees’ privacy
by securing computers and mobile devices through an IT strategy, in
the end, security is as much a people issue as it is a digital issue.
At each level, it is up to individuals to follow the procedures and
stay diligent:
Determine whether the safeguards in place are sufficient to control the identified risks.
Educate workers in the company’s security program practices and procedures.
Select service providers with proven skill at maintaining appropriate safeguards
Keep the in-house security program flexible so it can adapt to changing software, hardware, or company circumstance.
Should a company’s system be breached and any
sensitive personnel information compromised, it is imperative
that employees be notified immediately.