• 15 April 2014

Five common mistakes HR managers make when keeping employee data secure

Storing and accessing employee data is essential to the smooth running of a HR department; however sensitive information is sometimes treated recklessly. The line between keeping this data safe and it landing in the wrong hands is something that has to be considered when you are storing data. Here are some of the most common mistakes when keeping this information secure and how to fix them.

The curse of the USB stick

Staff copying sensitive and confidential information on to portable drives is illegal, and so losing a USB stick or leaving such information on public transport or in a public place could land your company in trouble. 

Too many companies have been caught out by this, the latest being Hong Kong Hospital which exposed patients data because of a lost USB drive. If a hospital is capable of losing such sensitive information, then your HR team could be too.

Unprotected servers

With the rise of BYOD, more and more people are using tablets, smartphones or their own laptops at work. Allowing everyone to have access to the server from devices which may not be secure means that leaks are far more likely to occur. The more devices on the system the bigger increase in the likelihood of security breaches.

Keeping all information in one file

Personal information on individual employees should always be kept separate to direct employment information. Some companies fall foul of this, especially ones which use paper storage as their primary source of filing.

The main reason for why this mix up shouldn’t happen is because the personal information may be seen by the wrong person and information could be construed as discriminatory e.g. date of birth, marital status, medical history etc.

Law abiding records

Most businesses are required by law to keep records of employee data for at least six years. Again, some companies are caught by this, with files being unorganised and getting mixed up (especially paper based). This leads to the wrong information being relayed back to staff in the HR team, or even worse, the wrong records being destroyed.

Discarding information on employees that have left

As we just mentioned, losing records on employees that are still working at your business is bad, but another problem is discarding information on employees that have left. These records should be kept as they contain vital information such as termination, medical records, workers compensation, accident reports and exit information. These could all be useful in any legal process between your business and an ex-employee. 

Lessons learned

So what have we learnt? When keeping data, your HR team should ensure that data security should be a number one priority as copying confidential data onto a USB stick is illegal. Using a cloud based system means employees can access information from wherever they are, meaning there’s no need to make their own copies which could be open to abuse.

All employee information should be stored in a way which is accessible. Finding a system which is capable of storing information for up to six years will ensure you stay on the right side of the law, and mean you’re prepared for any disciplinary proceedings.

Using a cloud-based system on a SaaS basis means there is no additional storage or IT costs to you, allowing you to store as much information as you need. So you no longer need to discard information on ex-employees such as termination and medical records, workers compensation, accident reports and exit information, which can be useful for any legal cases you may well have with ex-employees.

Here is a video on how you could simplify your HR processes with one solution.