Data breaches are not a new concern for businesses, as they have long known the havoc that one can exact upon them. With 2017 on pace to reach an all-time high of over 1,000 data breaches reported, organizations need to be more prepared than ever to deal with the near certainty that they will be targeted for a data breach.
In order to address this ever-present threat to data security, nearly all companies have put systems and processes into place to protect their customer data. However, surprisingly many employers don’t extend those same risk mitigation processes to their employee data – even though most organizations collect far more sensitive data about their employees than they do customers, such as social security numbers. This trend is evidenced by a recent Sophos survey of 1700 IT decision makers, which revealed that while 76 percent encrypted their customers’ data, only 57 percent of their companies encrypted their HR files.
Understanding Data Security Threats & Mitigating Risk
In our latest white paper, Data Protection: Employer Obligations and Motivations, we discuss why businesses should address fixing the disparity many of them have in their data security efforts to protect employee data compared to customer data. The paper explores employers’ legal and ethical obligations, as well as business motivations to protect employee information, with at least the same vigilance that they dedicate to safeguarding their customers’ data.
The paper begins educating employers on this topic by outlining the different types of employee data organizations typically collect, including Personally Identifiable Data (PII), Sensitive Personally Identifiable Data (SPII), and Personal Health Information (PHI); as well as examines the need to protect these data types even if they have been anonymized. It also reviews which legal protections apply to the different information categories, and discusses potential repercussions to employers that do not sufficiently guard this data.
The paper closes by offering comprehensive next steps to employers on improving the data security of employee information, by both outlining how this information is most often compromised and detailing best practices to mitigate risk of falling victim to one such vulnerability. To learn how to best position your organization to protect employee data, download our free white paper Data Protection: Employer Obligations and Motivations.