Did you know that in the US in 2019, an organization on average fell victim to ransomware every 14 seconds? This means that personal information stored in IT systems was accessed unlawfully, placing employees at risk in myriad ways.
Personal data is what it is- personal. Organizations that hire employees have a responsibility to keep their personal information safe and secure. However, the instances of cyber security breaches every year are shocking. As cyber criminals’ methods grow more and more advanced, companies also take advanced measures to ensure that their workers’ personal information is kept safe, including purchasing insurance to protect against the risk. However, the risk only grows every day.
When individuals join a company, they hand over sensitive personal information to their employer with the implicit trust that this information will not be used unlawfully or exposed to outsiders. To this end, a company’s HR Division holds great responsibility in ensuring that the necessary systems and measures are in place to protect against computer hackers, malware, and cyber criminals. However, sadly, even information stored on the cloud can be hacked by those who know their way around firewalls. As such, cloud providers need to have physical and technical controls in place to ascertain that there is no unauthorized access, acquisition, use and disclosure.
Organizations, whether they are start-ups or large established entities, can and should be held accountable in maintaining employee information privacy and security. In this, there are some key questions they should be asking themselves such as,
- Is there a policy on how employees’ personal data is collected and stored?
- Is the staff made aware of such practices?
- Is such information that is collected, absolutely necessary?
- When allowing third parties access to such information, is there a check on whether privacy obligations are complied with?
Now there are more sophisticated data protection protocols that can be followed to ensure that employee information is kept secure. The establishment of personal identity vaults, which enables employees to store their identity documents safely using advanced encryption, is one such way. In addition, it is essential that HR Divisions conduct extensive background and criminal checks on prospective employees, as records show that many criminals seek access to employee information by first gaining employment in those organizations. Regularly conducting audits on how personal information is stored is also effective is closing gaps in the mechanisms and processes.
Non-adherence to proper data protection methods can have serious ramifications. Theft of finances and identity theft are common among these. So, in this digital age, the onus is on organizations to put every possible security protocol in place to safeguard their employees’ information and privacy.