Apart from the credit crunch, one topic that increasingly seems to crop up on business pages is that of data security. We are all concerned about customer data being lost but, as HR staff, how do we view the loss of employee-related data, asks Quentin Colborn.
The first question I would ask is whether this is a new problem, or simply one that has always existed but simply didn't get the publicity previously. Certainly there is a growing awareness of the value of personal data – both from the perspective of the data subject and those who make use of such data.
Going back 20 years, nobody would have dreamed of technology that would mean that someone else could check out what you had read in a newspaper. Today, if you read that paper online then your reading habits may be very easily accessible.
In my experience, HR and IT professionals I have worked with have been very resolute in protecting personal data, so what goes wrong in the headline cases we read about? I suspect that more often than not it comes down to a failure to follow procedures – perhaps because individuals don't appreciate the importance of procedures. If an organisation does not have the correct procedures in place to protect personal data then woe betide them, they deserve what's coming to them!
Procedures are one thing, but what about the implementation? Some reports I have read suggest that the loss of data is more down to human carelessness than to organisational deficiencies. If this is the case, what can be done about it? There is a potential knee-jerk reaction here to suggest that in many instances, data loss is the result of outsourcing brought about by cost-cutting. While this is an attractive argument I think we need to stand back and view it dispassionately.
Whether it be government or private sector, we all demand high levels of service at the lowest possible cost, and how many of us look at service levels first and then cost? There is the argument that the private sector is purely driven by profit and many will look down their noses at such a prospect.
However, many people benefit when the private sector makes a profit. I suspect that very few people have pension arrangements that do not depend on the performance of the stock market – so at the end of the day most of us are looking for businesses to be profitable to a greater rather than lesser extent.
So is there a suggestion that those who work for outsourcers are less committed than those who work for the originating organisation? I have to acknowledge a bias here; having worked for an outsourcing organisation, my experience there tells me that the demands of the client may well lead to greater levels of service and performance than we might expect. There are of course stories about packages containing personal data being left on the roofs of vehicles, but should we blame the organisation for this?
What many commentators seem to fail to recognise is that unfortunately on occasions mistakes do happen. We employ people and sometimes people fail; they shouldn't of course, but the reality is that it happens to all of us at some stage.
It also all comes down to the degree of risk that we are prepared to take. When data has to be transported in physical format (as opposed to electronically) should there always be a briefcase handcuffed to an official to take it places? Do that and you are putting the individual at risk (could the bag contain cash?) but also the transportation cost becomes very high. Are we prepared to meet that cost?
So where does HR stand in all this? When it comes to employee data we should consider what data needs to be held and transported and go back to basics and look at what is really necessary. How many HR teams conduct a thorough risk assessment of all they do? Think about doing so, it may throw up a few surprises!
Has your organisation lost data in any shape or form? How did you go about managing the situation and addressing staff concerns? What steps did you put in place to prevent a reoccurrence? Let us have your views and experiences.
Quentin Colborn is an independent HR consultant based in Essex who advises management teams on operational and strategic HR issues. Quentin can be contacted on 01376 571360 or via [email protected]. For further information, please visit: www.qcpeople.co.uk.