Global Privacy and Security

As breaches increase, national regulators and national works councils are taking notice of privacy and data protection weaknesses. They are imposing penalties that range from fines and consent decree mandates to work stoppage or a combination of all three. These penalties are increasing as international regulations continue to grow in number and complexity.

But in HR information security, the biggest risk is failing to meet the expectations of your workforce. Employees are more sophisticated, and they expect their employers to protect personal information and abide by the regulations enacted to protect their privacy.

On the other hand, businesses are still required to deliver a wide range of efficient services, even as they push toward rapid global expansion. Self-service and HR analytics are only the beginning of a list of capabilities your HR service delivery model is expected to possess. Almost all these services increase access to personal information, force HR processes deeper into the organization, and create a more complex environment for protecting data and keeping personal information confidential.

Solutions arise from challenges — and vice versa

The technology solutions and service delivery models behind these changes provide new utility, but also offer new risks. SaaS applications, cloud computing, smart phones and mobile applications, and social media and HR analytic applications lie at the cornerstone of many transformation efforts. These technologies change the landscape of privacy, including the ways in which data is protected, how regulators assess their use, and how employees perceive the security of their personal information. Outsourcing and insourcing various functions of service delivery also create new challenges. Many organizations struggle to understand how privacy, data protection, and risk relate to one another. When contracting and monitoring third parties, or when assuming activities in-house, it can be difficult to know how to address privacy and data protection controls in areas, such as cross-border data transfer mechanisms, notice, choice, and information confidentiality.

As in any transformation effort, leaders are faced with managing conflicting objectives. Under pressure to provide more services across a broader, international geography, how can you do it with the privacy and data protection controls your employees demand?

Before tools, understanding

The solution resides in understanding the components of privacy and security and how data flows to, through, and from your organization. “Privacy” relates to personally identifiable information (PII) and the ways an organization works to use and disclose it properly. Within the context of HR, privacy is how you manage the rights and obligations related to personal data within your workforce. “Security” is more general — it describes the way an organization protects information and systems from unauthorized access and use. The trick in HR Transformation delivery is to integrate both privacy and security throughout your HR services and the systems that support them.