With all the possible forms of sensitive employee information and all the possible locations where that information might be found, the chances of an employee's private information being inappropriately disclosed in a poorly secured Human Resources (HR) environment could be high.

But what are the consequences of poor HR security that allows employee private information to get into the wrong hands? Some scenarios include:

- Civil suits: An angry employee who has had their private information inappropriately disclosed need only do a quick web search for "employee private information lawsuit" to find dozens of lawyers and law firms eager to sue the company that committed the violation. In fact, one firm in Minnesota brags about "achieving large settlements for... wrongful dissemination of private information... in violation of the Minnesota Government Data Practices Act."

- Damaged reputation: A company that discloses employee private information runs a serious risk of bad publicity about the event from newspapers, radio, and television. Depending on the extent of that publicity, the company's reputation and brand image could be permanently damaged, possibly resulting in loss of sales and shareholder value.

- Employee and customer distrust: If a company can't demonstrate that it can do something as straightforward as protecting its employees' information, why should customers trust it with their private information or business? And if one case of employee sensitive information disclosure occurs, why should employees believe it wouldn't happen again, and maybe with their information next time? Such distrust could lead to lost sales and high employee turnover.

- Unfair advantage to outside parties: Depending on what employee information is lost and to whom, the information could prove to be incredibly valuable to the right people. For instance, a complete list of all employees, their titles, salaries and contact information would be a goldmine to a competing company's recruiters--and a potential death sentence to the company that lost the information.

- Expensive retrofitting: Companies that didn't design their HR systems and processes to be secure from the beginning may have to pay a hefty price to retrofit their information systems and processes to meet new security requirements.

- Reprimands and terminations: All the bad things listed so far are mostly things that could happen to the company. But none of these take into consideration one thing that might happen to the employees within the company--namely, somebody could get fired! If any one of these bad things comes to pass, you can be certain that someone is going to be found to blame. And if you were seen as responsible for some aspect of safeguarding sensitive information, that someone could be you.

These possibilities are just the beginning. It is not inconceivable that a big enough breach in HR security could result in a combination of these scenarios, ultimately causing the company to go out of business.

While the consequences of poor information security within a company and its HR department can be dire, there is good news. As the one department that interacts most with all employees throughout their employment with a company, HR is uniquely positioned to positively influence the culture of a company to take information security issues seriously. Also, because HR's heritage is one of risk management, incorporating a concept like information security into their operating procedures and evangelizing security to the company should come naturally.