An HR data breach is unauthorized access to unencrypted or unredacted records or data containing personal information, with the intention of using the data illegally in a way that would cause harm, and it’s every company’s worst nightmare. Fixing the mess often requires a big effort and the fallout can be a PR nightmare. Understandably, employees and job applicants expect that their private information – such as their Social Security Number (SSN), medical records, and date of birth – will be stored securely. Let’s talk about some straightforward ways that businesses can keep their HR data pool safe and secure.
How to Keep Employee Data Secure
1. Create data security policies
Data security policies should:
- Identify the type of employee information the company will store.
- Explain how the company will protect and secure sensitive data.
- Lay out clear rules and consequences for unauthorized viewing, copying, or transmitting sensitive employee data.
2. Train employees on data security
All employees and managers should be trained on the data security policies created by the company. Managers who will need to access sensitive information should be trained to recognize signs of attempts to breach HR data such as phishing scams in order to prevent unauthorized access. They should also be trained to report any attempted data breach.
3. Secure all employee HR data
Whether employee data is on physical paper or in digital form, it needs to be stored securely to avoid a data breach. Paper files should always be stored in a locked cabinet or room with one manager responsible for the key. All electronic data should be encrypted, password-protected and stored on a secure server, and full access to data should not be available to all managers. Passwords should be difficult to guess and changed on a regular basis. Electronic systems should be evaluated and maintained regularly to reduce the risk of a hack or virus.
4. Comply with Hawaii’s security breach reporting law
Hawaii’s data breach notification law requires disclosure of a security breach “without unreasonable delay” as described in §487N-2(a) of chapter 487N of the HRS. The law is applicable to any business that owns or licenses personal information of residents of Hawaii and any business that does business in Hawaii that owns or licenses personal information in any form.
5. Follow federal and state recordkeeping laws
Hawaii law requires wage records to be maintained for six years. Both federal and Hawaii law require a significant amount of information to be maintained. After the six years is up, make sure to dispose of the records properly. For paper records, shredding is an option. You may need to contract with a reputable third-party vendor to properly dispose of digital records in a way that complies with federal regulations. It’s also important to note that the Americans with Disabilities Act (ADA) requires employers to separate employee medical information from employee personnel files; access to the records must also be restricted.
6. If possible, do not use SSNs
Because SSNs can so easily be used for identity theft or other types of fraud, this data must be stored in the most secure way possible. Employers should also avoid transmitting or using employees’ SSNs whenever possible.
7. Use a data access log to track access
One of the best deterrents to an internal employee data breach is to keep a log of anyone who accesses employee records. For paper records, the employee should be required to record the date, the time and the reason they accessed the records. Digital records should be kept in software that can both control and log when and by whom employee records are accessed. Review the access log every month and investigate any attempts that were not authorized.
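The monthly review described in step 7, sketched as an added example that is not part of the original article. The log columns, user names and authorization table are assumptions made for illustration, and the sample rows are constructed; medical records are treated as a separate record type, in line with the ADA separation mentioned in step 5.

```python
import csv
import io
from collections import Counter

# Constructed sample: one month of access-log rows (not real data).
SAMPLE_LOG = """timestamp,user,record_type,employee_id,reason,outcome
2024-03-04T09:12:00,hr_manager1,personnel,E1001,annual review,allowed
2024-03-05T14:30:00,hr_manager1,medical,E1001,,denied
2024-03-11T22:47:00,ops_manager2,personnel,E1002,,allowed
2024-03-12T10:05:00,benefits_admin,medical,E1003,leave request,allowed
2024-03-18T08:55:00,ops_manager2,payroll,E1002,curious,allowed
"""

# Hypothetical authorization table: which users may open which record type.
AUTHORIZED = {
    "personnel": {"hr_manager1"},
    "medical": {"benefits_admin"},
    "payroll": {"hr_manager1", "payroll_clerk"},
}

def review_access_log(log_text, authorized):
    """Return (row, findings) pairs for every log row that needs follow-up."""
    flagged = []
    for row in csv.DictReader(io.StringIO(log_text)):
        findings = []
        if row["user"] not in authorized.get(row["record_type"], set()):
            findings.append("user not authorized for record type")
        if row["outcome"] == "denied":
            findings.append("denied attempt")
        if not row["reason"].strip():
            findings.append("no reason recorded")
        if findings:
            flagged.append((row, findings))
    return flagged

def findings_per_user(flagged):
    """Count flagged rows per user so repeat cases stand out in the review."""
    return dict(Counter(row["user"] for row, _ in flagged))

if __name__ == "__main__":
    for row, findings in review_access_log(SAMPLE_LOG, AUTHORIZED):
        print(row["timestamp"], row["user"], row["record_type"],
              row["employee_id"], "->", "; ".join(findings))
```
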
Not excited about employer laws? That’s okay; we’ve got you covered through HR outsourcing! When you partner with Makai HR you can get on with the business you are trying to grow while we take care of your employee needs, from payroll to taxes, health insurance/benefits and workers’ compensation. You also gain peace of mind that you are in compliance with all of Hawaii’s employer laws (if you’ve ever looked, you know that the list is very long). When choosing a PEO to partner with, there are many things to consider, including cost, services and technology solutions.
We know how important it is to keep labor costs in line with revenue. Our plans are priced competitively and include value-added services like time-in/time-out systems. Our three tiers of PEO service plans are tailored to the size of your business and specific needs. We offer a 100% paperless solution, which means that your employees can manage their needs through a computer, tablet or phone. We can truly improve your employees’ work benefits while freeing you up to run your business.
What are you waiting for? Companies that partner with a PEO benefit from 7-9% faster growth and 10-14% lower employee turnover, and they are 50% less likely to go out of business. Contact us today to get started!