How to Secure Employees’ Personal Data?

Following the mass data breach of Sony Pictures in late 2014, businesses throughout the United States took a close look at how employee data was being secured. Employers collect and store sensitive personal information from their employees, including current addresses, birth dates, social security numbers, and, in some cases, biometric or health data. The employer is responsible for safeguarding employee data from unauthorized access. If this data were to fall into the wrong hands, employees could become victims of identity theft. To avoid potential legal liability and to retain a highly talented workforce, employers should take the following steps to secure their employees’ data:

Keep Firewalls & Antivirus Software Up-to-Date:

While large corporations usually have a team of network engineers, small and medium-sized businesses may not have the resources to hire a full-time IT expert. In such cases, businesses should make sure that the latest firewall and antivirus software is installed on the company’s hardware.

Limit Access of Personal Data to Authorized Personnel:

A system with fewer entry points is more difficult to hack. Access to an employee’s personal data should be limited to managers who require the information to execute a work-related function. For example, the payroll department needs access to social security numbers to report employee earnings to the government; however, the engineering department has no legitimate use for such information.

Store Data in an Encrypted State:

Sensitive data, such as social security numbers, should never be stored on the server in ‘plain-text.’ Data stored in an encrypted state is virtually useless to hackers. To access encrypted data, the hacker would need to know the encryption algorithm and the encryption key. Here is an example of a social security number in plain-text vs. encrypted: 123-45-6789 vs. GA782@1BBS&&%$((GH56.
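As an added illustration (not code from the original article), here is one way to store a social security number encrypted at the field level in Go, using only the standard library. The choice of AES-256-GCM, the function names, the employee IDs and the demo key are assumptions made for this example. With a standard cipher such as AES the algorithm is public, so protection rests entirely on the key, which should be held somewhere other than the database that stores the ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds AES-GCM; a 32-byte key selects AES-256. Build it once from a
// key loaded from outside the database (assumption: a secrets manager or KMS).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSSN returns nonce||ciphertext||tag. employeeID is bound as associated
// data, so a value copied into another employee's row will not decrypt.
func EncryptSSN(gcm cipher.AEAD, employeeID, ssn string) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per value
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(ssn), []byte(employeeID)), nil
}

// DecryptSSN fails on a wrong key, a wrong employeeID, or any modified byte.
func DecryptSSN(gcm cipher.AEAD, employeeID string, stored []byte) (string, error) {
	n := gcm.NonceSize()
	if len(stored) < n {
		return "", fmt.Errorf("ciphertext too short: %d bytes", len(stored))
	}
	pt, err := gcm.Open(nil, stored[:n], stored[n:], []byte(employeeID))
	return string(pt), err
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	gcm, _ := newGCM(key)
	stored, _ := EncryptSSN(gcm, "emp-1001", "123-45-6789") // constructed sample record
	ssn, err := DecryptSSN(gcm, "emp-1001", stored)
	fmt.Printf("stored=%x\nssn=%s err=%v\n", stored, ssn, err)
}
```

Because each call draws a new nonce, encrypting the same number twice yields different stored bytes, so identical values cannot be matched by comparing ciphertexts.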

Update Your Employee Privacy Policy to Address Modern-Day Concerns:

An Employee Privacy Policy lays out what information will be collected, how the employer intends to use the information, and whether the information will be shared with a third party. Employers should update their Employee Privacy Policy to address issues such as data breaches and other unauthorized access to employee data. Employers can easily update their Employee Privacy Policy by filling out this template.