Employee Data Gone Wild
By Cliff Stevenson from i4cp | August 3, 2012
We live in a world where our private information isn't very private. We voluntarily disburse a lot of information about ourselves into myriad portals of the internet, and anything we don't willingly surrender is probably gathered without our knowledge through more circuitous means. I don't bring this up for paranoia's sake, but to reaffirm that as the amount and type of data that is collected increases exponentially, so too does the need for security and protocols around those who can access that information.
The workplace is no exception. More data about workers is collected and aggregated than ever before, which leaves HR professionals with decisions to make about who should be able to see that data; everything from your title, to your performance rating, to your marital status and other demographic information. This has led to a number of companies handling this issue in a variety of ways.
In a recent call among i4cp members, several companies shared their policies and philosophies on handling the issue of who can see what, and when.
Some of the solutions included letting HR groups only see the information for the unit they support (e.g. sales). Another company allowed HR to see anyone's information on request, with the exception that they could not see anyone's information from HR. One company allowed complete access to all departments for anyone within HR. This surprised us, so we naturally had to ask them if they had encountered any issues with this open-minded policy. They reported having none.
In general, it seemed that most companies tried to restrict access based on need, with the understanding that there would be occasions when intra-departmental or more secure employee data would need to be accessed. In those instances, they made sure that permission was required and that records of the access were logged.
Judging from the high turnout and the amount of participation in the discussion, this is obviously an important issue to many of our members. It's also an issue that doesn't seem to have a one-size-fits-all strategy across companies yet.
If you feel you have a unique policy, or one that you've found works particularly well, we would like to hear from you. Comment below, just don't give up any confidential employee data!