With the rise of things like Big Data and analytics, HR holds an increasing quantity and variety of data.
But do you know how secure that data is?
Craig Searle, head of cyber security Asia Pacific at BAE Systems Applied Intelligence, told HRM that having robust security controls around data was critical.
HR professionals also needed to be aware of their legislative and regulatory obligations around such information, said Searle.
“If you want to get rid of the data you’re holding on an employee who has perhaps left the company, it’s understanding what the legislative and regulatory requirements are around when you can get rid of that data and what appropriate measures you can take in getting rid of it, like secure deletion processes and that sort of thing.”
He said that information security wasn’t just a technical problem for the IT department, it was a business-wide issue.
“A culture of security needs to be introduced into organisations and HR has a big part to play in that.”
He said that workplace safety had evolved over the years from something that wasn’t considered an absolute necessity, to being a critical part of organisations.
“There is an expectation that not only will employees behave safely, but that their coworkers will point out to them if they’re not behaving in that manner. I think information security has to head down that path. There has to be a culture of security at every level of the organisation and employees should not feel anything other than support if they identify poor behaviour in the information security space.
“A colleague sharing a password – that should be seen as roughly akin to someone behaving in an unsafe manner from an OHS perspective. That’s the key way we’ll see improvements in the information security realm. It needs to be embedded at a cultural level and HR is really at the forefront of getting that across because HR touches every layer of the organisation.”
Companies could face serious penalties if a data breach occurred and they were found to have been negligent on the security front, said Searle.
But an organisation’s public image could also take a major hit if it was revealed that data had been stolen or misused.
“Organisations need to be aware that not only do they face regulatory or potentially legal problems if they have a data breach and are found to be negligent, but also they could suffer some pretty significant public relations issues as a result of having to publish the fact that they had a major breach of data.”
Is data security part of your company’s culture?
BYOD entrenchment brings risks
Lax security at New Zealand businesses