Data Privacy and Security Considerations for Human Resources
Human resources departments collect, use, retain, store and dispose of personal information of an organization’s current and former employees and applicants. The department is responsible for securing this information and training personnel on data security in general. The department’s obligations and best practices are discussed in a recent Locke Lord study (https://www.lockelord.com/newsandevents/publications/2019/08/data-privacy-and-security).
The first step is to limit data collection to what is necessary. Job applications should not include information that is prohibited by law, or not required for a first interview. Sensitive personal information may be subject to law requiring retention for, or destruction after, a specific time period. Medical information requires special protection and should be separated from other employee information. There is no “one size fits all” approach to data security.
Human resources and information technology should work together on employee information security awareness training and securing company data.
Finally, human resources must understand when and how to dispose of data that has served its purpose.