From the very beginning of an employee/employer relationship, when the prospective employee applies, they are providing necessary but sensitive information. From names and addresses, dates of birth and social security numbers, HR has access to a lot of information that, in the wrong hands, could spell disaster.
In 2021 alone, the Federal Trade Commission (FTC) received over 1.4 million reports of identity theft. Identity theft costs Americans billions of dollars every year. Along with this growing threat, employers are also being held increasingly accountable for their part in not properly securing sensitive information. That’s why safely handling sensitive information is vital for both you and your employees.
Some ways you can ensure sensitive employee data is being properly protected include:
Create formal policies and procedures for handling data
In your policy, make sure you define exactly what type of information is considered “sensitive” for your company so everyone understands what information needs to be properly protected. Next, create disciplinary policies that address any unauthorized copying, transmitting or viewing of personal employee data. Finally, create a formal procedure employees can follow if they believe personal information they provided to the company has been compromised in some way.
Secure all information effectively
Whether you keep information electronically or on paper, always make sure you are properly securing all employee records. If on paper, make sure that all records are stored in a locked location that a limited number of people have access to. If you use electronic programs to keep records, those records need to be encrypted, password protected and kept on a secure server.
Find alternative ways to identify employees
Getting a job and retaining that job year after year means the paperwork will eventually stack up. In a lot of companies, an easy way to identify employees is through the use of their social security numbers. With all that paperwork, that means you’ve increased the chance of compromising that sensitive information. Consider using unique employee numbers instead so you still get easy identification without risking compromising your data.
Know the law and follow it
A growing number of states have enacted data privacy laws that apply to all businesses and the information they gather from employees. For example, New York State just recently passed an employee privacy law that requires employers to give employees notice that any phone call, email or other kind of communication transmission may be monitored. This law gives employees notice that the private information they provide in this manner may be monitored by the employer. Other state and federal laws may govern how your business handles information, so make sure you know the laws and follow them.
Destroy employee records properly
While some records are required by law to be kept for a specific amount of time, when the time comes to destroy records, make sure you do the job thoroughly. If they are paper records, use paper shredders or other means of destroying the paper before it’s disposed of. If you use electronic records, make sure that when they are deleted they are unreadable and irretrievable.
Empower employees to safeguard their own information
While you may have your documents encrypted or locked up, employees usually walk into the office every day with a variety of personal important information on their being such as social security cards, driver's licenses or credit cards. Advise your employees to keep purses, wallets or anything that may contain this information in locked desk drawers or cabinets. Additionally, make them aware that they should never place personal mail, such as checks or bills that may contain personal information, in unlocked outgoing mailboxes.
Train employees about security
Provide clarity for all employees about what measures your company takes in making sure their private information is staying safe. Provide additional training to employees who have access to personal information, such as payroll or HR employees, about unauthorized access, how to report security breaches and how to properly destroy and dispose of employee records.
Are you looking for more information about best practices when it comes to employee records or anything HR related? The Complete Payroll blog contains hundreds of up-to-date articles that can help you find answers to all your burning questions. Visit us today!