Ever since I have been working with HRIS in the context of global companies, I’ve been collecting notes on how HR data, sensitive and private as it is, can be protected. I’ve decided to publish this blog, but here goes the DISCLAIMER: these notes are of a general nature, and share my personal ramblings and thoughts on the matter. They should not be construed as an attempt to offer or render legal opinion or engage in the practice of law. Please seek the advice of a licensed professional if you require it.
What is what?
One of the most compelling frauds of the modern age involves one form or another of identity theft (identity cloning, financial ID theft, medical ID theft); we have seen first-hand phishing attempts received by mail and e-mail, and are careful to shred personal documents rather than just throwing them on the recycling pile. As HR professionals working with HR information, we are aware of the sensitivity of the data entrusted to us by our company; and as employees, we expect that our information will be appropriately protected and remain private.
Governments have produced laws and guidelines, and since 1981, groups of countries have entered agreements to decide how data (and in particular, HR data) can be shared across borders.
Plenty of information is available, often fairly indigestible and written in “legalese”. Several terms appear to be used interchangeably; are they really synonyms? Not quite.
· Data integrity addresses the concern that data should be correct and complete for the use we want to make of it. As a simple example, if the address held for your employee is not updated, correspondence will fail to reach him/her, and consequently the data is trash.
· Data security is focused on keeping information safe, seeking protection from access by unauthorized entities. The idea is to avoid hacking and intruders, both to prevent theft of ideas or valuable information and to protect the integrity of the data (as above) against corruption (either accidental or willful). To date, it relies as much on technical hacking prevention as on the strength of individual passwords... and that is a weak link, see below.
· Data privacy is often confused with data security, but it actually starts from data security and spans a wider area. Its concern is to ensure legal compliance with the multiple international regulations controlling and protecting individuals’ rights to keep their data safe and private; it isn’t merely protecting against external intrusions, but supervising the way HR data is shared internationally, where it is stored, and how it is accessed. It means ensuring adherence to data privacy guidelines and regulations everywhere in the world where your organization is active.