With data breaches at retail giants like Home Depot and Target making regular headlines, cybersecurity certainly seems like it’s the province of IT and operations. But, beyond those headline grabbing consumer-data breaches are hundreds of others that involve employee records and/or employee conduct which causes a breach.
In fact, according to recent data, human error and system operations, not hacking, were involved in roughly 2/3rds of data breaches. Whether it’s employees mishandling information, unintentional data dumps, stolen laptops, or simple mistakes, human error is unavoidable. These types of data security issues are all problems that typically land on the desk of the Human Resources Manager.
SO, WHAT ROLE CAN HR PROFESSIONALS PLAY IN DATA BREACH PROTECTION?
Yet, despite the role that employee actions and employee records play in many data breaches, data security is still largely considered an IT issue. As jgiszczak and I discussed last week at the American Society of Employer’s Annual Employment Law Conference, companies that include HR professionals in their data security preparations can minimize the risk of a data breach and are better prepared to respond if one does occur.
So, what role can HR professionals play in data breach protection?
A key element in minimizing the risk of a data breach is knowing what data the company has, who has access to it, and where it’s located. That’s where HR can play an important role. HR professionals are used to gathering and protecting confidential and sensitive information. Think background checks, social security numbers, health-related information, investigations, discipline, and workforce reductions to name just a few things that HR keeps hush-hush. HR should be part of a data security team that is responsible for identifying and safe-guarding company data.
THERE'S ALSO NO DENYING THAT HR PROFESSIONALS LOVE A GOOD POLICY
There’s also no denying that HR professionals love a good policy. This ties HR to another critical aspect of an effective data protection program: ensuring that policies, procedures, agreements, and training are in place to address the risks and legal obligations involved in handling data covered by the many overlapping breach notification laws. Who better than HR to ensure that clear and effective policies are drafted, distributed and signed, that training is conducted, and that confidentiality agreements are updated and fully executed. It’s what HR does and companies can leverage those skills to protect their data.
Everyone knows the saying "it takes a village to raise a child." Well, here’s a data security-twist: it takes a team to protect a company’s data. Working in conjunction with IT, legal, operations, finance, marketing and other departments, HR professionals are key players in protecting data and minimizing the risk of a data security breach.