When a data leak at Sony exposed the private information of more than 15,000 current and former employees—including social security numbers, birthdates, and home addresses—it cost the corporation $8 million in settlements. For many companies, the data breach served as a reminder of the risks they incur by holding employees’ personal information.
Organizations know a lot about their employees. In fact, your employer probably knows more about you than any other organization, says data protection lawyer Tim Wybitul. Today’s HR departments house a goldmine of employee information, such as:
“From turnover rates and workforce characteristics to payroll and employment history, never before have HR professionals had such unfettered access to personal information,” says DataInformed.
All that information can be incredibly useful for measuring performance, identifying skill gaps, and recruiting new talent—but using it comes with risks. Data thieves find employee data especially enticing (its value surpasses even that of credit cards), and a complex patchwork of federal and state laws places responsibility for protecting it squarely on the company’s head.
Balancing data security with the need for access and analysis is much harder than it sounds. Routine business processes often include passing sensitive information in unprotected spreadsheets, which has led nearly a quarter of organizations to suffer a data breach that stemmed from the mishandling of data in motion. This raises some big questions: Who in your company has access to personnel data? Who should? How can HR professionals collect and analyze employee data, especially data that exists across multiple systems? How can companies safeguard employees’ privacy without hindering HR productivity?
First, let’s look at some of the most common pain points HR professionals face when it comes to employee data access:
Employee data exists in multiple systems and can be difficult to analyze
When employee data is scattered across an organization in different systems, it puts the company at risk. Many organizations don’t even know what data they have, let alone where it is.
“For an organization to really ensure privacy, the first thing it has to know is where its data resides,” says Jerrard Gaertner, co-founder of a data analytics, governance, and management services provider. “According to privacy legislation, you have to know where all this data is, as well as how each of these pieces of information is being processed and used in every instance of the organization.”
Furthermore, the lack of systems integration requires HR staff to gather employee information from multiple sources (often manually) and compile it into spreadsheets for analysis. For more than half of HR employees, the process takes several days, or even weeks, and all that time the data sits unprotected outside of its core system.
Spreadsheets are one of the most common vehicles for data theft. As much as 25 percent of data stolen or lost internally is in the form of Microsoft Office documents.
Every spreadsheet used to compile employee information opens a new point of vulnerability for your company’s data security. These types of documents can be useful for limited applications, but they’re a poor method for conducting sensitive business processes. For example:
“Spreadsheets are ideal for performing ad-hoc analyses and calculations with limited sets of data, but they should never be used as a database,” says administrative support expert Jodith Allen.
Developing strong data security policies and procedures can help prevent HR employees from accidentally exposing sensitive data. But even when an organization’s policies are clear, employees often fail to comply with them.
A study on data privacy found that:
One of the most effective ways to protect confidential data is to restrict access to it and ensure it cannot be stored on an employee’s device. Confidential information should be available only to those who can’t do their jobs without it. That’s why eight in 10 companies place high importance on managing end-user data privileges and are seeking solutions that help them identify and deliver only necessary personal data to HR employees.
If the above pain points illustrate anything, it’s that data access, analysis, security, and daily operations can’t be treated as separate entities. Rather, they should work together to keep employee information safe and HR teams efficient.
Some data security experts even estimate that as much as half of all accidental data loss could be prevented with simple measures such as tightening operational practices.
For starters, companies need an efficient way to gather data from all corners of their organization so it can be monitored, analyzed, and protected. That’s exactly what Sapho was designed to do.
Sapho aggregates data from every system within your company and surfaces the most important information and actionable insights it can find — without the need for unprotected spreadsheets. It then delivers the information to only those who need it via a personalized “feed” that does not allow data to be stored on the device, helping to minimize the risk of exposing private information.