Safeguarding HR and payroll data in the digital age
By Ian Smith, CEO at Gospel Technology
April 3 2019 - When it comes to handling sensitive data, HR and payroll professionals have a lot on their plate. From employees' bank details to performance reviews and contact information, protecting employee data and ensuring compliance are central to both job functions, especially following the introduction of the General Data Protection Regulation (GDPR).
However, this is being complicated by the fact that data sharing and digital collaboration have quickly become essential to maintaining a competitive advantage. Combine this with today's hypersensitivity around data protection and the growing value of corporate data for cybercriminals, and the scale of the challenge facing businesses becomes clear.
Protecting personal data
No matter the industry, having authorised and appropriate access to data is essential for HR and payroll departments. For example, HR teams use Personally Identifiable Information (PII) to identify, contact and locate individual members of staff, making it easier for them to provide a personalised employee experience. This data then needs to be shared with trusted colleagues and partners, which has become significantly easier in recent years thanks to the development of new technologies such as cloud-based software-as-a-service solutions, wide spread communication tools and database management tools.
But the big challenge is stopping this data from falling into the wrong hands and leaving it vulnerable to cybercriminals, which could be extremely damaging. Unfortunately, the traditional zero-trust security solutions that many businesses rely on are coming out second best against modern cyber-criminals - as evidenced by the near-continuous news stream of data leaks and cyber-attacks. Not only does this pose financial, operational and reputational risks for businesses, it can also stifle data sharing and affect the relationship the employer has with their staff.
The human factor
As the importance of data continues to grow as the major contributor to business prosperity, Employees place a level of trust with their employers to ensure the ethical use of their personal information. In return, businesses have an operational and moral responsibility to make sure they have the appropriate solutions and process in place to keep data protected and used according to company policy. These operational responsibilities run in parallel to regulations that businesses must follow.
Many businesses support employees in this area by investing in data management and security training courses but, no matter how many exercises they do, human error is often inevitable. In the wrong hands, misappropriated data could have serious consequences. The human is the most fallible element within any operational process, inevitably leading to mistakes as many businesses have found out the hard way. So, with this in mind, how can HR and payroll professionals provide proactive data security and management in today's landscape?
Changing the game for data security
HR and payroll are underpinned by defined processes that have been refined over many years. This can make it difficult to drive change. However, with the growing amount of data being generated in today's Omni-channel digital world, putting the right processes, policies and solutions in place to securely store and process employee data is essential.
Therefore, HR and payroll departments need access to solutions that enable them to navigate the new realities of today's digital workplace. The acknowledged problem is that the technology underpinning many data processes was not designed to cope with the exponential volumes of data that are now being generated, alongside the innovation of new applications and communication channels, which when combined result in data inadvertently escaping through the cracks. When businesses do take steps to secure their networks, it's often a defensive process that involves plugging holes as they appear, rather than being able to deploy proactive measures . On too many occasions, cyber-criminals get to these cracks first, which is why cyber attacks and data leaks are rarely out of the headlines. If they ever want to escape this cycle, businesses need a proactive data management solution that is designed for today's digital workplace.
This is where technologies that are just as decentralised as the data they are trying to protect are changing the game. For example, distributed ledger technology (DLT) allows businesses to share data internally and externally without losing control, providing appropriate access to individuals or groups based on their credentials. This architecture creates a network of trust for secure data collaboration - both between employees within an enterprise (intra-enterprise) and between enterprises and their partners (inter-enterprise).
DLT technology solves many of the problems facing HR and payroll professionals by eliminating the threat of data breaches, adding a much needed and unprecedented infrastructure layer of data access and security. This enables businesses to retain control of their confidential data, even when it is shared beyond the perimeters of its network. As the system (and the data contained within) is near impossible to tamper with or corrupt, businesses can be sure that they are accessing the latest single version of the data. Furthermore, contextual access ensures that PII can only be accessed by people authorised to view it and only in the context of the relevant fields of information required to complete a business process, no longer limiting business agility or exposing too much information to employees.
Ultimately, ensuring data security, trust and compliance will always be critical responsibilities for HR and payroll professionals. With the amount of data being generated today, the need to meet modern data protection demands is a challenge which, if met, will mitigate the threat of data breaches as well as increasing service efficiencies. The potential is there for businesses to truly transform the way they work with personnel data, and HR and payroll can be right at the heart of it.