Mar 29, 2021 | Clare Chiappetta, MA, HRCI Contributing Writer
Principles of Employee Data Protection
Data is now among a company’s most valuable assets, but many organizations aren’t prepared to use it strategically — and this includes the data they manage about their own employees.
HR teams and the software they deploy gather thousands of data points from your employees over their life cycle. “HR collects a tremendous amount of biographical data about each and every employee, including medical records and other sensitive information,” says Ben Eubanks, SPHR, chief research officer at Lighthouse Research & Advisory. “A data breach could be devastating to the workforce and put them at risk for identity theft.”
Because of this risk, leaders, decision-makers and employees with access to data need to be appropriately trained on data stewardship. These principles can help you develop and implement an employee data protection plan.
Establish a Data Safety Committee
Employee data management is a cross-functional activity, and a committee of HR representatives and other groups responsible for data protection can help encourage people to proactively bring up and address concerns.
This committee’s work shouldn’t be limited to the theoretical. Traditional governance models focus on strategic issues and can overlook practical concerns, says David Swanagon, SPHR, head of people analytics North America at Ericsson. Create a community of practice composed of information technology, data scientists and HR professionals to monitor day-to-day data concerns.
Amanda Daniel Monroe, SPHR, PHR, aPHR, an HR data analyst at HudsonMann, agrees. This committee should review data policies and practices at least once a year. The group should anticipate changes arising from tech developments and the expected impact on employee data safety. For instance, if HR is looking to modify its software or tech stack, it should work with IT to ensure the transition doesn’t put data at risk.
Develop Policies to Protect Data
Establish specific practices surrounding collecting, storing and discarding data. Certain data storage requirements, such as the length of time you maintain a candidate’s application, are regulated by law. Develop similar regulations for employee engagement, experience and wellness data gathered from surveys.
“In some cases, HR departments may store files for years,” Monroe says. Develop a policy for converting paper files to digital and for securely discarding the originals.
Be intentional and ethical when gathering data, and always ask for consent. “Everything should be based on a use case and a hypothesis,” Swanagon says. You should be able to map out which group of employees you need to survey and which machine learning model you’ll run the data through to test your hypothesis. If employees know exactly how data will be used and stored, they’re more likely to consent to its collection.
Educate Your Workforce on Data Safety
Misuse of data from a breach or poorly designed algorithm can harm your employees and your brand. Working towards baseline data proficiency is vital for preventing misuse of data.
“Leadership and people business partners have to have a baseline understanding of what machine learning is,” Swanagon says. “It’s important that senior executives evaluate use cases to determine if it’s legal and if it aligns with our values.” Amazon, for instance, scrapped its AI hiring software after learning the offering was rejecting women because it had primarily been fed data based on male applicants.
Establish concrete policies for requesting and distributing data, Monroe says, to prevent accidental breaches. Employees at all levels should have enough data proficiency to raise questions and concerns, and such education is essential for leaders, decision-makers and individuals using data and data-driven software.