June 28, 2019

HR Policies To Ensure Data Protection

The Human Resource (HR) team is arguably the backbone of any organisation, given its responsibility for various business operations such as strategic management, payroll matters and the recruitment and hiring process.
 
What many don’t realise is that on a daily basis, the HR team also handles most of the organisation’s internal processes, procedures and sensitive information such as employees’ personal data. This data can include NRIC numbers, residential addresses, personal email addresses and mobile numbers, making it a target for data thieves and data mongers.
 
Doing it right the first time
 
If data falls into the wrong hands, organisations could suffer the consequences of a data breach, including business fraud, which can cause both reputational damage and monetary loss. Hence, it is crucial for organisations to put in place policies to ensure data security, such as:

  • Obtaining consent from employees for collection, use and disclosure of data
    An individual’s data is a unique identifier and can reveal much about a person. The organisation should always seek consent from employees or candidates when collecting, using or disclosing their data.
  • Safely securing physical documents in locked cabinets
    If the data is available in hardcopy, organising and locking it in a cabinet can ensure that the data is never within reach of unauthorised individuals. Likewise, digital data should be stored on encrypted devices to keep it away from prying eyes.
  • Disposal of all unused physical documents and hard disk drives
    Unused or old physical documents should be regularly disposed of through secure shredding. The PDPC also recommends that organisations discard unwanted hard disk drives through shredding, as shredded materials are nearly impossible for data mongers to reconstruct.
  • Regular spring cleaning and internal risk assessments
    ‘Cleaning’ and organising your database can assist in ensuring that no unused information is retained unnecessarily. Regular internal risk assessments should also be conducted in order to identify any possible areas that may pose a security problem. Employees are also encouraged to practise a Clean Desk Policy and a Shred-it All Policy to make sure there is no confidential data left lying around, and all documents are securely destroyed on a regular basis.

In addition to these policies, organisations are also encouraged to appoint a Data Protection Officer (DPO) to work closely with the HR team and review data protection regulations within the organisation.
 
It is always best to keep your organisation safe and prevent a data breach at all costs. A solid data protection process is important, and it is the responsibility of everyone in the organisation to ensure that all sensitive data is securely protected and that the organisation remains compliant with the privacy watchdogs.
 
Start Protecting Your Business
 
An organisation that integrates data protection into its business processes can help reduce the risk of a data breach and non-compliance with the PDPA. Learn more about how Shred-it can protect your documents and hard drives by contacting us.