I enjoyed learning a lot about people analytics and am excited about its tremendous opportunities and potential: it can save a great deal of intensive human resources cost and eliminate biases caused by the innate prejudices some may have. However, there are often two sides to the coin and, having worked in compliance matters, I have always been one to be wary of potential risks and pitfalls, and of how to safeguard against them. Hence, I found an article looking at what we need to be aware of, from a risk management standpoint, when we gather so much data.
As the article rightly points out, the large amount of sensitive information gathered about employees, sometimes with or without their knowledge, can range from information they provide intentionally, e.g. their home addresses and bank account statements, to minute details of their working behavior: how frequently some of them go to the bathroom or take pills during work, which software they use and why, what type of gadgets and accessories they prefer, and what they order for lunch. In particular, it includes medical data, which, as mentioned in the article, surprisingly can be “10 times” more valuable to criminals than normal credit card data, and which may be of interest to some companies.
Thus, in addition to the data privacy laws that different countries have to adhere to, for example the GDPR for the UK as mentioned in the article, there is a further layer when such data is stored in a cloud storage facility that spans different countries and is transmitted across several jurisdictions with varying privacy laws and data protection rights. Failure to protect the data with care may lead to dire consequences: substantial fines amounting to a large proportion of turnover, as much as “4 percent worldwide turnover” or more as mentioned in the article, in addition to negative publicity and reputation costs, which may undermine morale and customer confidence.
So, the next question comes into play: can we believe that we are safe when we have anti-virus software and the usual firewall infrastructure? The answer is clearly no, as I believe most of us had already heard of data breaches, even in the companies and places we believe are most secure, before this article. The article also brings out the dire fact that employees, the so-called insiders, can sometimes be found to be even more dangerous as a data breach threat. This can range from innocent breaches of information with no ulterior motive, resulting from a lack of awareness that ordinary mobile and computer habits such as using public Wi-Fi to transmit emails can be dangerous, to the even more unexpected and extreme acts of disgruntled employees, who may expose data, as in a supermarket’s case.
Since prevention is better than cure, human resources does have an important job in educating its employees in securing their data from onboarding: from finding computer consultants to encrypt data to ensure personal information is stored separately from the data, to finding good lawyers skilled in the various locations in which data is used and stored to ensure compliance with data privacy laws, setting up good internal control policies to ensure data is not used for purposes beyond what the employees have consented to and abuse does not take place, and also keeping employees’ morale in check and allowing stressed or disgruntled employees productive outlets for venting, thereby reducing the risk of data-related hate crime.
Overall, it is both a science and an art to strike the right balance in allowing people analytics to reach its most benevolent potential while continuing to inspire trust, respect and confidence among employees, so they can rest assured that their data is in good hands and used for good purpose: to maximize their productivity and increase the chances that the right persons with the right skills are selected for the right jobs.