Employee Data Privacy: Why Your Company Website Matters

As a busy human resources professional, monitoring your company’s website for employee data privacy may not be high on your list of priorities. You may think it’s marketing’s job to deal with the website, but company websites are often keepers of far more data than you probably imagine. Making sure your company is successfully prepared – including not just policies but action plans – is crucial. As an HR professional, you are also in an excellent position to engage employees and communicate changes to data policies, creating greater trust and understanding between employees and the company.

When it comes to your company’s website, you might be surprised at the amount of employee data hidden there. From inactive web pages to employee image data to hidden metadata in PDF documents, finding and removing that data is a very real challenge. But employee data privacy is an issue that should be addressed by the HR team regularly and systematically.

No longer can HR teams abdicate responsibility for employee information. Make it a point to be involved as your company builds security protocols and plans for any incident or privacy concerns. Company policies should specifically address employee communications and you should let employees know that all files can be monitored for security weaknesses.

The Consequences of Ignoring Employee Data Privacy

In 2018, the GDPR introduced new privacy legislation within the EU (affecting many US businesses that sell products or employ workers globally). GDPR gives everyone the right to be “forgotten” by a website – meaning to have all their data removed. This also applies to employees.

So if you have an employee who has created company documents and posted them to your website, the metadata contained in those documents could easily still identify that former employee, violating their “right to be forgotten.” This is just one area of which HR professionals need to be aware.

In 2017, credit bureau Equifax was hit by one of the biggest website data breaches in history. Hackers exploited a vulnerability in a web application to access customers’ Social Security numbers, addresses, dates of birth, driver’s license numbers, and credit card numbers.

The consequences of the data breach were terrible for both Equifax and its employees. The company experienced a significant loss of reputation. Although the company managed to come to an agreement with some state banking regulators in the United States to avoid paying fines, it faced large financial penalties in the United Kingdom and other areas. Meanwhile, Equifax employees were left in the dark about the data breach.

Simple communication from the HR team might have helped Equifax maintain its trust and relationship with employees following the data breach. Instead, after the breach was over, the company faced the challenge of working to reestablish its reputation among its own workforce.

How HR Can Help Prevent Website Breaches

Staying on top of policies, protocols and specific employee data privacy issues can be tedious, but there are tools available to HR professionals to help make this task more manageable. Siteimprove is one such resource, and Collibra offers a whitepaper on “Data Privacy Regulation.”

It’s particularly important to address any area where sensitive or personal employee data is concerned. Communication is key, and your employees need to be reassured that all data is stored on a secure site (HTTPS). If your company has a security team, make sure you connect with it to understand the correct protocol. If there’s no team in place, it’s even more vital to ask the right questions:

  1. What are all the places where employee data may be stored?
  2. Is all employee data encrypted?
  3. Who has access to employee data?
  4. What protocols are in place should a breach occur?
  5. How often should we meet to review our employee data policies?
  6. What should we be communicating with employees in this area?

Within your own team, be sure that access to employees’ personal data is limited to those who actually need to use it to perform their jobs. To reduce vulnerability, those with access should also create protocols for archiving, storing or deleting old or unnecessary employee data.

Always keep an eye toward proactively creating easy-to-understand data protection policies. Be sure that those on your team who work with employees’ private data understand the laws that apply to that data. Maintaining employee trust is vital to your reputation as an employer of choice, and giving employees this peace of mind around their data is a vital part of that trust.

Ready to let employees know they can trust your company to protect their personal information? A custom-crafted online safety video from Projections can help you communicate with both your workforce and their families.

About the Author Walter Orechwa

Walter is Projections’ CEO and the founder of UnionProof & A Better Leader. As the creator of Union Proof Certification, Walter provides expert advice, highly effective employee communication resources and ongoing learning opportunities for Human Resources and Labor Relations professionals.