Protecting employee data is paramount to any firm, regardless of the industry. The attention firms devote to data privacy is usually spent on protecting client data, but clients are not the only group of people whose data is stored in the system. Employee data is just as personal and just as vulnerable as client data, yet it is often overlooked as data that needs protecting.
People around the world are concerned about experiencing a data breach and having their personal information stolen in some capacity. That fear is mostly warranted, since over half of Americans have personally experienced a major data breach, according to a study conducted by the Pew Research Center. Furthermore, about half of Americans feel that their employee data isn’t properly protected and is actually less secure now than it has been in the past.
Protecting employee data should be just as big a priority as protecting client data, as it’s all considered personal data. Employees are important stakeholders, just as clients are, and privacy is equally important to both groups. Employee data can include personal information like banking information, Social Security numbers, home addresses, and phone numbers. In the event of a data breach, client data and employee data are both at risk of being stolen and exploited, so why protect one more intensely than the other?
What kind of data should be protected?
Over time, a firm can collect a great deal of information about its employees. Not all of it may seem particularly important or relevant to protect, but taken as a whole, it can leave the employee vulnerable. Being transparent about what personal information you store about your employees can help them feel more at ease. However, having the right guidelines and protections in place is still necessary.
Enacting security measures like adopting HITRUST certification, encrypting sensitive information, limiting WiFi use on unsecured networks, and having penetration-tested infrastructure are great ways to ensure your firm is doing all that it can to protect employee data. While the best practice is not to store any data that isn’t completely and totally necessary, that isn’t always possible when it comes to your employees. Some data needs to be collected and saved in order to keep a proper paper trail or organized records, including:
- Hiring records like resumes, offer letters, and applicant-tracking data
- Background check information like passport numbers, driver’s license numbers and driving records, worker eligibility forms, criminal history reports, credit reports, and drug test results
- Personal data like names, addresses, phone numbers, medical details, Social Security numbers, and emergency contact information
- Employment records like pay grades, tax records, performance reviews, disciplinary actions, attendance and paid time off, certifications or training records, and licenses
- Benefits information like payroll, timesheets, benefits enrollment forms, status changes, and vacation tracking
- Internal information like employee handbooks, safety guidelines, and evacuation procedures
Employee data can be compromised or stolen through either an outside attack or an internal source. Internal theft accounted for 42% of security incidents in 2017, so it’s paramount that new hires are carefully considered and background checks are always conducted, that identity management systems are in place to record and track any employee access, and that any access privileges are immediately deactivated when an employee leaves the firm.