Most employers are already taking steps to ensure employee data are kept safe. Employees want assurance that their personal data are being secured. Here are a few tips for employers to help keep employee data safe:
- Train everyone who has access to employee data to take steps to keep them secure. This includes using the locks on storage cabinets, securing workstations with passwords, and locking those workstations when stepping away from them; an enforced screen-lock timeout backs up the habit for the times someone forgets.
- Train employees to recognize and report phishing attempts from outside the organization. Many data breaches start with an individual employee being phished, which hands the perpetrator either access to their system or their passwords. Multi-factor authentication limits what a stolen password alone can do, so it belongs alongside the training rather than in place of it.
- Ensure managerial training includes components on employee data privacy.
- Train teams on the confidentiality requirements of medical information and how those requirements affect their work.
- Ensure HR staff and anyone else who keeps or has access to employee records know which records must be filed separately from the main employee file. Medical information, including FMLA certifications and accommodation requests, must be kept in separate, confidential files with access limited to those who need it.
- Encourage the HR team to stay up to date on upcoming legal changes. This may include subscribing to relevant newsletters, attending conferences, etc. The key is to find ways to be proactive and aware of regulatory changes, at the federal level as well as the state and local level.
- Periodically audit the privacy controls and access levels for all types of sensitive employee data. Confirm that each account with access still needs it (people change roles and leave), and spot-check that the data cannot be easily accessed by someone who shouldn't have that access.
- Ensure the appropriate IT and security staff are included in the implementation of any new software that will store sensitive employee data, and before it goes live rather than after. There should be safeguards in place, such as access controls, encryption, and logging of who accessed what, to reduce the risk of data breaches or unauthorized access.
- Have policies in place to encourage proper safeguarding of data in general. For example, review password policies: current guidance (NIST SP 800-63B) favors long passwords screened against lists of known-breached passwords, combined with multi-factor authentication, over forced periodic changes, which tend to produce predictable variations of the old password. Require a change when there is evidence a password has been compromised.
- Work with IT to have a complete response plan in the case of a data breach, including who must be notified and by when. Ensure logging and monitoring are in place so that a breach is discovered quickly rather than months later.
- Have a clear employee privacy policy that outlines exactly what an employee should expect in terms of personal privacy and data privacy in the workplace.
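The periodic access audit in the list above is the one item that can be partly automated. The following is an added example, not code from the original article: it compares an entitlement export from an access-control system against the HR roster and an approved-access policy, and reports every grant that should not exist. The data stores, roles, users, grants and the review date are all constructed for illustration.

```python
"""Periodic access review for sensitive employee-data stores.

Added example (not from the original article). Compares an entitlement
export against the HR roster and an approved-access policy and reports
every grant that violates either. All names and data are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Permission levels ordered so "exceeds the approved level" is a comparison.
LEVEL = {"read": 1, "write": 2, "admin": 3}

# Assumed policy: for each sensitive store, the roles approved to touch it and
# the highest permission each role may hold. Anything not listed is denied.
POLICY: Dict[str, Dict[str, str]] = {
    "hr_medical_files": {"hr_benefits": "write", "hr_generalist": "read"},
    "payroll_ssn": {"payroll": "write", "hr_benefits": "read"},
}

# Constructed review date used by run_review().
REVIEW_DATE = date(2024, 9, 1)


@dataclass(frozen=True)
class Employee:
    user: str
    role: str
    active: bool
    terminated_on: Optional[date] = None


@dataclass(frozen=True)
class Grant:
    user: str
    store: str
    permission: str


# Constructed HR roster: the source of truth for who works here and in what role.
ROSTER: Dict[str, Employee] = {
    e.user: e
    for e in [
        Employee("amaya", "hr_benefits", True),
        Employee("brian", "hr_generalist", True),
        Employee("chen", "payroll", True),
        Employee("dana", "hr_benefits", False, date(2024, 5, 31)),
        Employee("eli", "engineering", True),
    ]
}

# Constructed entitlement export: what the access-control system actually grants.
GRANTS: List[Grant] = [
    Grant("amaya", "hr_medical_files", "write"),  # approved
    Grant("brian", "hr_medical_files", "write"),  # generalist is read-only
    Grant("chen", "payroll_ssn", "write"),        # approved
    Grant("dana", "hr_medical_files", "write"),   # left the company in May
    Grant("eli", "payroll_ssn", "read"),          # engineering has no approval
    Grant("svc_backup", "payroll_ssn", "admin"),  # not on the roster at all
]


def _finding(g: Grant, issue: str, detail: str) -> dict:
    return {"user": g.user, "store": g.store, "issue": issue, "detail": detail}


def review_access(roster: Dict[str, Employee], grants: List[Grant],
                  policy: Dict[str, Dict[str, str]], today: date) -> List[dict]:
    """Return one finding per grant that violates the policy or the roster."""
    findings: List[dict] = []
    for g in grants:
        emp = roster.get(g.user)
        if emp is None:
            # Service or leftover account nobody on the roster owns.
            findings.append(_finding(g, "orphan_account",
                                     "account holds access but is not on the HR roster"))
            continue
        if not emp.active:
            # Offboarding missed this system; report how long it has been open.
            age = (f"{(today - emp.terminated_on).days} days ago"
                   if emp.terminated_on else "on an unknown date")
            findings.append(_finding(g, "terminated_user",
                                     f"employee left {age}; access never revoked"))
            continue
        approved = policy.get(g.store, {})
        if emp.role not in approved:
            findings.append(_finding(g, "role_not_approved",
                                     f"role {emp.role!r} has no approved access to this store"))
        elif LEVEL.get(g.permission, max(LEVEL.values()) + 1) > LEVEL[approved[emp.role]]:
            # Unknown permission strings are treated as higher than any approved level.
            findings.append(_finding(g, "excess_permission",
                                     f"holds {g.permission!r}, approved maximum is {approved[emp.role]!r}"))
    return findings


def run_review() -> List[dict]:
    """Run the review over the constructed data as of REVIEW_DATE."""
    return review_access(ROSTER, GRANTS, POLICY, REVIEW_DATE)


if __name__ == "__main__":
    for f in run_review():
        print(f"{f['issue']:18} {f['user']:12} {f['store']:18} {f['detail']}")
```

Run against a real export, the roster and the policy are the two inputs that make the review meaningful: without the roster the script cannot see that a still-active account belongs to someone who left, and without a written policy every grant looks legitimate. Treat each finding as a ticket to revoke or to document an approved exception.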
There are actually only a few true legal requirements in the realm of employee data privacy, but employees have much greater expectations. The Health Insurance Portability and Accountability Act (HIPAA) is the example most employers are familiar with, but it is narrower than often assumed: it applies to covered entities such as health plans and health care providers (and their business associates), and its definition of protected health information excludes employment records an employer holds in its role as employer. The medical information an employer collects when an employee takes Family and Medical Leave Act (FMLA) leave or requests a reasonable accommodation due to a disability is protected instead by the confidentiality requirements of the Americans with Disabilities Act (ADA) and the FMLA regulations, which require it to be kept in separate, confidential medical files.
HIPAA does come into play where the employer sponsors a group health plan and handles plan members' health information on the plan's behalf, for example when administering a self-insured plan. Every U.S. state also has a law requiring notification of data breaches involving personal information, and some states have additional protections for information like Social Security numbers. But beyond that, most privacy and confidentiality matters come down to protecting individuals and the organization.
Bridget Miller is a business consultant with a specialized MBA in International Economics and Management, which provides a unique perspective on business challenges. She’s been working in the corporate world for over 15 years, with experience across multiple diverse departments including HR, sales, marketing, IT, commercial development, and training.