Employee Data Protection Paramount for Employers
Employee data protection is a serious business. Some human resources professionals are failing to take employee data protection concerns seriously, according to a survey from GetApp, an online resource for businesses exploring software as a service (SaaS) products and a Gartner company. The survey results were cited by HRDive.
The GetApp survey showed that HR personnel doesn’t receive training on employee data protection at 41% of employers. Only 19% of employers revise their employee data protection policies quarterly. What’s more, a third of employers are operating without an employee data protection policy. Of the two-thirds of employers with a written employee data protection policy, 44% say their biggest challenge is employees’ noncompliance. Nearly one-fifth of respondents said they don’t have time to draft an employee data protection policy. Moreover, just 21% of the GetApp survey respondents said they’re aware of the General Data Protection Regulation (GDPR), a law in the European Union that protects data and privacy for all individual citizens of the EU and the European Economic Area. GDPR also addresses the transfer of personal data outside the EU and EEA.
However, the survey’s authors were surprised by the lack of employee data protection policies at the employers they polled and said that data security should be a top priority for employers in the wake of GDPR. In addition, as increasing numbers of employees work remotely, employers will have to pay more attention to employee data protection. A 2019 Speakap survey found that “deskless” workers use apps such as WhatsApp, Facebook, Messenger, and Skype as much as six times a day for work purposes. In addition, they often do so without their employer’s knowledge.
According to HRDive, “Without training in recognizing and preventing security breaches, employees that use tech tools to communicate on external platforms may put their data and that of their organization at risk. HR, in partnership with IT, can offer training programs and draft policies for lowering the risk of breaches and viruses.” Moreover, some industries are savvier than others when it comes to employee data protection. For example, a study from enterprise cybersecurity solutions provider Proofpoint found that finance workers answered 80% of the questions correctly on a test measuring their knowledge of cybersecurity. By contrast, education and transportation workers had the lowest test scores. In addition, communications employees scored higher on the test, whereas employees in facilities and security and customer service knew less about cybersecurity. Employers can leverage survey results like those from the Proofpoint study to gauge cybersecurity and employee data protection knowledge in their own industries and start taking steps to provide proper education for employees.
Employee data protection training to lower the risk of cybersecurity breaches is critical, HRDive observed. However, employers must not only provide their workers with employee data protection training but also ensure that they are providing the right kind of training. That includes helping employees understand their role in creating security and employee data protection risks. For example, a Willis Towers Watson study cited by HRDive found that 66% of cyber and employee data protection breaches are caused by workers’ negligence or malfeasance. When employers give permission for workers to use personal devices in the workplace, the risk of employee data protection breaches increases. Considering this, HRDive noted, employers should make comprehensive training of workers their first line of defense against employee data protection risk.
Latest posts by Steff Chalk (see all)
- HSA Benefits Leading to Increased Participation - December 9, 2019
- Financial Wellness Different than Financial Literacy - December 4, 2019
- Education Benefits Assistance Employers and Employees - November 30, 2019