Data Privacy and Security Considerations for Human Resources

August 16, 2019 Business Insurance and Risk Management, The Beacon Blog

Human resources departments collect, use, retain, store and dispose of personal information of an organization’s current and former employees and applicants. The department is responsible for securing this information and training personnel on data security in general. The department’s obligations and best practices are discussed in a recent Locke Lord study (https://www.lockelord.com/newsandevents/publications/2019/08/data-privacy-and-security).

The first step is to limit data collection to what is necessary. Job applications should not include information that is prohibited by law, or not required for a first interview. Sensitive personal information may be subject to law requiring retention for, or destruction after, a specific time period. Medical information requires special protection and should be separated from other employee information. There is no “one size fits all” approach to data security.

Human resources and information technology should work together on employee information security awareness training and securing company data.

Finally, human resources must understand when and how to dispose of data that has served its purpose.




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.