31% of HR Managers Say They Need Better Employee Data Protection
In today’s digital age, cybercrime is alarmingly common—in 2022 alone, the FBI’s Internet Crime Complaint Center received 800,000 data-security complaints that created $10.3 billion in losses. How are these data breaches happening? Human error.
In their 2022 Global Risks Report, the World Economic Forum found that 95% of all cybersecurity breaches are caused by employee mistakes, and a Verizon Data Breach report found that 43% of cybercrime targets small and medium-sized businesses.
With SMBs in crooks’ crosshairs, it's imperative for businesses to proactively protect employees' personal data. We surveyed 1,565 US full-time employees, including 500 human resources professionals, to better understand the role HR plays in a business’s data security policies and procedures, including:
- Do employees trust their employer to manage their personal data properly?
- How well does HR follow best data security practices?
- Do employees know what kind of personal information their employer keeps?
Read on for insights into employee perception and experience with data security—and how to better protect your workforce data.
Key Takeaways About Data Privacy and HR
- 1 in 10 employees (13%) have been affected by an employer's data breach, leak, or hack—yet 2 in 5 employees (43%) have never considered their employer a potential risk for a personal data breach.
- 24% of employees say they’ve had experiences with an employer that worried them about their data privacy.
- Only 35% of employees say they know what personal information companies can learn about them in a pre-employment background check.
- 65% of workers trust their company’s HR department to manage their personal data properly, and yet, a third (34%) of employees trust either a direct manager, CEO, work friend, or AI more than HR. Those employee instincts might be valid:
- Nearly half (45%) of HR professionals say that they or a colleague has shared personal employee information with family or friends in a conversation.
- Nearly half (47%) of HR pros have used or had a colleague use a cellphone to receive an employee’s personal information, and then forgot to delete it.
- 53% of HR professionals or their HR colleagues have accessed employee information from a personal computer.
- 67% of employees have emailed or texted documents containing personal information during onboarding.
1 in 10 Employees Are Victims of Employer Data Breaches
Even if your business hasn’t suffered a data breach, 24% of employees have reported experiences with their employers that caused them to worry about their data privacy.
Yet 31% of HR professionals say their companies lack robust security measures for storing employee data, which underscores the urgent need for improved data security practices within HR departments.
Part of the problem seems to be that employees either aren’t aware of the risks or haven’t been trained, as 43% of employees have never considered their employer to be a potential source for a personal data breach. This highlights the need for data security training and cybersecurity education for employees at every level.
HR is doing a good job of communicating what they keep on file about current employees; 92% say they have some idea of what information their company has on them, with the top five being:
- Contact information
- Social Security number
- Residential location
- Bank account details for direct deposit
- Pay history
However, not all HR professionals take the same level of precaution when accessing employee data. On average, 46% of HR professionals have accessed or shared employee personal data, or witnessed others doing so, in a way that puts that sensitive information at risk.
As an HR professional, have you ever accessed an employee's personal information in any of the following ways?
Advice for HR: Protect Your Employees’ Data
Partner with Legal and Security
Collaboration between HR, legal, and security functions is essential in preventing and planning for data security challenges. HR should also play a pivotal role in investigating employee data breaches and identifying areas for improvement in data security practices.
Work to develop comprehensive data security policies and procedures, conduct regular security and compliance audits, and provide ongoing training to employees regarding data handling and protection—their own as well as customer data. This plan should include clear communication strategies, legal obligations, and support services for affected employees.
Invest in Secure Technology
To bolster data security efforts, organizations should invest in the latest IT solutions. HR professionals can benefit from advanced data encryption, access control systems, and secure data storage solutions. Services with AI and machine learning are another green flag that can help identify potential security threats and prevent data breaches proactively.
Look for services that offer firewalls, input validation, 24/7 security management and monitoring, native multi-factor authentication, annual third-party SOC I & II security audits, and the highest industry-standard encryption.
Offer Credit Monitoring
If your organization has had a data leak, you can take proactive steps to support your staff, like offering free credit and bank monitoring to everyone affected. That can really help ease the situation and alleviate concerns related to hacks, provide protection, and help you win back employee trust.
Even if you haven’t suffered a data breach, offering identity protection is a great preventative measure and a solid addition to your total compensation package.
80% of HR Pros Have Seen or Been Guilty of Bad Data Management
Unfortunately, employees' lack of trust is more than just a negative perception: 80% of HR professionals admit to witnessing or even participating in questionable data management practices, including:
- Accessing employee information from a personal computer (53%)
- Using a cellphone to receive an employee's personal info (such as a photo of an ID) and forgetting to delete the image (47%)
- Leaving personal employee information in public spaces in the office (47%)
- Sharing personal employee information with family or friends in a conversation (45%)
- Emailing or texting documents containing personal information during onboarding (67%)
Advice for HR: Build Trust in HR
The best defense is a good offense. Anytime you need to ask an employee for personal identifying information on behalf of the company, pair your request with an FAQ about why you need the information, where it’ll be stored and for how long, and how the company plans to keep that information safe.
Additionally, make sure to put specific data security measures in place for onboarding. That’s when you’re gathering the most personal information from employees, so you need to provide them with a secure way to give it to you, especially if they don’t work in the same location or need to submit it digitally. A text or an email just doesn’t cut it.
Level Up Your Employee Data Policy
Here's a good reminder of the golden rule: the care you’d want someone else to use with your personal information is how you should treat others' data. Don’t store pictures of coworkers’ documents in your personal cell phone photo albums or talk about their information casually. It creates unnecessary risk and liability for you and is uncouth.
If your company’s data policies aren’t up to standard or you don’t have any data policies, it’s time to have a hard conversation with your leadership team. An ounce of prevention is worth a pound of cure.
How HR Can Ensure Data Privacy
To survive in an increasingly criminal world, HR needs to own its important role in data security and take proactive steps to enhance data protection measures. Collaboration with security, robust response plans, and investments in cutting-edge technology are crucial components of a comprehensive data security strategy. By addressing these issues, organizations can create a safer and more secure environment for their employees' personal data, fostering employees' trust and confidence in the workplace.
About BambooHR
BambooHR® is the leading provider of cloud-based HR software solutions that empower HR professionals to manage, support, and grow what matters most—their people. As a company, BambooHR's mission is to set people free to do great work by automating, centralizing, and connecting employee data all in one place to support better decisions. The platform’s intuitive and intentionally designed payroll, time tracking, benefits, performance, and reporting solutions support the full repertoire of HR responsibilities—all backed by award-winning customer service. Over the past 15 years, BambooHR has been the trusted partner of HR professionals at 32 thousand companies in over 150 countries and 50 industries, supporting millions of users throughout their employee experience.
Methodology
BambooHR conducted this research using an online survey prepared by Method Research and distributed by RepData among n=1,565 adults age 18+ in the United States who are full-time office/computer workers. Among the sample, n=500 respondents were in an HR functional management role. The sample was equally split between genders, with a spread of age groups and geographies represented, and readable race groups. Data was collected from April 5, 2023, to April 26, 2023.