How Employees’ Safety Could Be At Risk From A Data Breach
Collecting employee data has never been more important to employers. In a security-conscious culture, it’s an important part of the vetting process, which can be ongoing as promotions enable access to more sensitive company data. HR needs data to manage equalities monitoring and to keep track of any special employee support needs. But data leaks can place employees at risk, and in this age of cyber warfare, that’s an ever-increasing problem. In making data more secure, it is first important for business owners and managers to understand why that security matters.
Identity theft
Cases of identity fraud increased by 57% in the UK in 2015, affecting more than 148,000 people. Because they can be difficult to prove and don’t always involve the loss of large sums of money, many cases like this go unreported and may even go unnoticed by the victim, but they still leave people worse off and in some cases they can devastate lives. They can also lead to individuals being wrongly held responsible for fraud offences and for running up debts, creating a host of problems for them, which can take years to sort out. The more pieces of their personal information an identity thief has, the more vulnerable individuals are. As employee records often hold name, address and date of birth in the same place, sometimes alongside bank details, it’s particularly important to ensure that they’re secure.
Sensitive personal data
Sometimes employees’ data can be sensitive in other ways. For instance, people who are on the run from abusive former partners or families who want to force them into unwanted marriages could be in real physical danger if their details become available to the public, and private detectives may use hacking as a means to try and track them down. LGBT people and members of some religious or ethnic minority groups can be at risk of persecution, with things they are happy to be open about in a friendly workplace potentially putting them at risk elsewhere. Employees in situations like this can be vulnerable to blackmail if their information is leaked, which could in turn put the company at risk.
Business decisions and personal consequences
In some cases, employees can be at risk if people know who they work for, as the company itself may have attracted enemies. For instance, employees of companies that engage in animal experimentation have sometimes been targeted at home by aggressive activists, as have workers from family planning clinics. If your work involves anything controversial, it’s important to think carefully about employee safety, and data security is part of that.
Data storage considerations
What can you do to secure data more effectively? Following these five steps is a good start:
- Keep track of exactly where data is stored and who has access to it.
- Ensure that all employees understand the importance of using strong passwords.
- Make sure employees know how to identify and report possible security breaches.
- Employ or contract in professional IT staff and have a dedicated security budget.
- Conduct regular reviews and risk assessments and take quick action on any weaknesses found.
If you do suspect a breach, you should tackle it as soon as possible, and never assume that it’s too late. If computers are turned on, leave them on; if they’re off, leave them off. This will help to preserve evidence that could be used to track the culprit, and it will make it easier for a specialist such as Fields Data Recovery to help you retrieve any information that has been deleted by hackers, giving you a clearer picture of what you need to deal with.
The Data Protection Act
All UK employers are obliged to comply with the 1998 Data Protection Act, which sets out a series of rules regarding how you look after personal information given to you by your employees. It doesn’t require you to be free from bad luck, but it does require you to think sensibly about how data is managed and who has access to it, so you should make sure you’ve read the Act (or at least a summary of it) before amending your data policy.
One question that’s always worth asking is whether you really need to collect as much data as you do. Often, data administrators ask for information out of habit or because everybody else does it, without thinking about whether or not it will serve any useful purpose. Data also has a habit of building up in systems, even when it’s no longer relevant, so regular clear-outs can reduce the amount of risk you’re exposed to.
Nothing can make you immune to data theft, but sensible data management means that you – and your employees – will be far safer overall.