In today’s world of identity theft, it is important that HR professionals work to achieve maximum security and privacy for employees. When private information is exposed, it can be costly. For example, in March of 2011, the Texas Comptroller’s office inadvertently disclosed on a public website the names, addresses, and social security numbers of 3.5 million state workers. 1 The state has already spent $1.8 million to remedy this problem by sending letters to affected parties and hiring technology consultants to review office procedures. While keeping employee information private is the responsibility of all management in an organization, ensuring privacy remains the job of the HR professional.
Some of the things to combat employee identity theft include the following:
- Conduct background and criminal checks on employees who will have access to sensitive data.
- Restrict access to areas where data is stored, including computers.
- Provide training to staff who will have access to private employee information.
- Keep information in locked files or in password-protected files.
- Use numbers other than social security numbers to identify employees.
Another privacy issue that comes up often is the monitoring of employee activities on devices that are provided to them by the organization. Case law, for the most part, has decided that employees do not have privacy rights if they are using the organization’s equipment, with a few exceptions. As a result, more than half of all companies engage in some kind of monitoring. According to an American Management Association 2 survey, 73 percent of employers monitor e-mail messages and 66 percent monitor web surfing. If your organization finds it necessary to implement monitoring policies, ensuring the following is important to employee buy-in of the monitoring:
- Develop a policy for monitoring.
- Communicate what will be monitored.
- Provide business reasons for why e-mail and Internet must be monitored.