January 28 is Data Privacy Day: Do you protect your employees’ information?January 27, 2014
Data Privacy and your workplace: Is your employee data secure?
Data Privacy Day was first recognized as Data Protection Day Europe. It has been recognized in North America since 2008. It commemorates 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.
Data flows freely in today’s online world. Everyone – from home computer users to multinational corporations – needs to be aware of the personal data others have entrusted to them and remain vigilant and proactive about protecting it. Being a good online citizen means practicing conscientious data stewardship. Data Privacy Day is an effort to empower and educate people to protect their privacy, control their digital footprint, and make the protection of privacy and data a great priority in their lives. This isn’t just about e-commerce and social media. It’s also about employee information.
Employers regularly collect significant amounts of data on their employees for hiring, payroll and tax deductions, health benefits, insurance benefits, sick leave usage, emergency contacts, just to name a few. While this information is essential for various government mandated reports and filings, as well as for good human resource management, if this information gets into the wrong hands it can create considerable concern, anxiety, and outright problems for individuals (and potential liability for the employer). So today is a great day to take a moment to do a quick audit of your information protection practices:
At the office, are employees taking responsibility for safeguarding your organization’s data?
- Are they keeping their codes and passwords private? You’d be surprised by the number of people who keep them in a note in their drawer, or taped to the bottom of their keyboard or telephone.
- Are sensitive documents locked away at the end of the day?
- Are computers locked or turned off when the user is away from their desk?
- Are human resource files kept in a secure location with limited access (physically or electronically)?
- Is medical information kept in sealed files?
- Are pay slips put in sealed envelopes?
- Do you have a clear policy about what employees can install on their work computers?
- Do employees know how to use spam filters?
- Do employees avoid opening suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source?
- Is your virus checker and firewall up-to-date (and I mean really up-to-date — not just in the last 12 months).
When work remotely, is information kept secure?
- Are employees required to follow secure log-in procedures?
- Are they required to use wired connections or are they allowed to use wireless (Wi-Fi is very insecure — just ask any competent hacker)
- Are connections encrypted (may not be completely secure, but at least will keep out the less determined hacker)
- Is there a clear policy about keeping documents and computers secured (not left in the car, in the living room at home)?
- Are all computers and communication devices locked with a password?
If you didn’t answer yes to any of the above questions, you know what you need to do — right now.