A recent BambooHR report finds that nearly one-third of HR professionals say their companies lack robust measures to protect employee info and offers ways to decrease risk.
By Maggie Mancini
Cybercrime has become increasingly common in recent years, with the FBI’s Internet Crime Complaint Center receiving 800,000 data security complaints last year. With that in mind, it’s imperative for businesses to proactively protect employees’ personal data, according to a recent study from BambooHR.
The company’s survey of 1,565 full-time employees—including 500 HR professionals—finds that 31% of HR managers say they need better employee data protection. While 13% of workers have been impacted by data breaches and leaks, two in five workers never consider their employer to be a potential risk for data mismanagement.
“HR professionals care for people, so ensuring that employee data is properly secured can be as simple as extending that care to the cause of data security,” says Anita Grantham, head of HR at BambooHR. “I don’t think HR is intentionally putting personal data at risk. This survey is a good reminder that the personal details we collect with every new hire do have inherent risks, and not to let the daily nature of what we do create a casualness with how we do it.”
Nearly two-thirds (65%) of workers trust their company’s HR department to manage their personal data properly, while 34% of employees either trust a direct manager, CEO, friend, or AI more than HR.
The study’s key findings on data privacy indicate that workers’ instincts might be valid.
- Nearly half (45%) of HR professionals say that they or a colleague has shared personal employee information with friends or family in a conversation.
- Nearly half (47%) of HR professionals have used or had a colleague use a cell phone to receive an employee’s personal information, and then forgot to delete it.
- More than half (53%) of HR professionals or their HR colleagues have accessed employee information from a personal computer.
- More than two-thirds (67%) of workers have texted or emailed documents containing personal information during onboarding.
While nearly one-quarter (24%) of employees say they’ve had experiences with an employer that worried them about their data privacy, only 35% of employees know what information companies can learn about them in a pre-employment background check.
“Background checks are a standard hiring practice for many companies,” Grantham says. “The screening agency you work with should always inform employees of what information will be checked and provide a timely and free copy of the report. Check in with your new hires to find out if those best practices are happening, and if they aren’t, you need to talk to your screening agency to or find a new one.”
The survey finds that 31% of HR professionals say that their companies lack robust security measures for storing employee data, underscoring a need for improved data security practices within HR departments.
Grantham says it’s “concerning” that one in three companies are leaving employee data vulnerable. She says that finding trustworthy technology can help companies build a secure system of record that makes onboarding secure and fast and provides data insights and reporting on headcount, time-to-hire, and PTO.
“If your company is still making a story physical copies of employee data, the risks of theft and GDPR non-compliance are problematic,” Grantham says. “Digital copies kept in the cloud can be easier to protect with permission levels but are messy to organize and access. As your company grows, the organization, security, and added functionality of reporting from an HRIS becomes necessary, especially with the amount of sensitive data you are collecting and storing growing exponentially with each hire.”
The survey recommends several ways that companies can protect employee data, including collaborations between legal and security, investing in secure technology, and offering credit monitoring for employees.
Educating employees on what to look out for when handling personal information is vital, Grantham says. At BambooHR, employees complete quarterly online data security training to stay aware of the latest phishing tactics.
The company has also created an open culture where workers can share questions and concerns about emails or software popups they receive to make sure they’re getting input about things they aren’t sure about.
Employees’ lack of trust in HR’s handling of personal data is more than just bad perception, as the survey finds that 80% of HR professionals admit to witnessing or participating in questionable data management practices.
The survey provides advice to HR professionals looking to improve trust among employees, particularly those who have had their personal data impacted by breaches, leaks, or mismanagement. These include standardizing employee data policies, explaining why personal information is needed from employees, and informing employees about how the company plans to keep their data safe.
“Trust starts on day one,” Grantham says. “How personal information is asked for tells employees a lot about how a business is run. It’s also important to let your employees know what security measures are in place.”