Ian Smith, CEO at Gospel Technology
From employees’ bank details to performance reviews, HR and payroll professionals are constantly surrounded by sensitive data. Both job functions also involve a heavy focus on compliance and with the introduction of the General Data Protection Regulation (GDPR), hypersensitivity around data protection, fraud and breaches on the rise, protecting employee data has never been more important.
Advancements in technology and the impact this is having on workplace habits has meant that data sharing and collaboration digitally has quickly become essential to maintaining competitive advantage. Combine this with the fact that corporate data is a key target for cybercriminals, the scale of the challenge facing businesses is all too clear.
Personal data is lucrative
For all HR and payroll departments, having access to data is essential. For example, PII (Personally Identifiable Information) data can be used to uniquely identify, contact and locate a single person, making it easier to personalise their employee experience. The ability to share this data with trusted colleagues and partners is also essential and new technologies such as cloud-based software-as-a-service solutions and database management tools have made it easier to gather and share PII data.
But, no one wants this data to fall into the wrong hands and leaving it vulnerable to cybercriminals can have devastating consequences. Unfortunately for businesses, the traditional zero-trust security solutions that many rely on, characterised by strict access restrictions that hinder collaboration, are proving ineffective in stopping cyber-attacks – as evidenced by the fact that data leaks and cyber-attacks are rarely out of the headlines. Not only does this pose financial risks for businesses, it can stifle data sharing, impacting the relationship they have with their staff.
Data protection is a moral obligation
What has become more apparent as the importance of data has continued to grow, is that employees trust their employers to ensure the ethical use of their data. In return, businesses need to ensure they have the appropriate solutions and process in place to reassure employees that their data is protected. Regulations do exist and for good reason, but there is also a moral obligation for those who work in HR and payroll to make sure they are committed to keeping data secure.
Many businesses invest in training so employees can follow best practice examples, but human error is often inevitable. We’ve all sent an email to someone by accident, but imagine if this email included the address details of all employees, or a disgruntled employee decides to leak sensitive information. Mistakes will always happen and it only takes one small error for a data breach to occur. This raises an important question: how can HR and payroll professionals ensure data security in today’s landscape?
Getting it right when it comes to data security
Like many other sectors, HR and payroll is underpinned by processes that have been refined over time. As a result, undergoing change can be a difficult process. However, with the growing amount of data being generated in today’s multichannel digital world, businesses need to have the right processes, policies and solutions in place to make sure employee data is stored and processed securely.
HR and payroll departments need to look further for solutions that will enable them to navigate the new realities of today’s digital workplace. For example, the technology that currently underpins many businesses’ data processes was designed for an era when data was generated in limited quantities, not even close to the exponential volumes being generated in today’s multichannel, digital world. As a result, data inadvertently escapes through the cracks. Even when businesses take steps to secure their networks, it’s often a case of plugging the holes they can see or reacting to an incident. On too many occasions, people with bad intentions get to the cracks first, which is why cyber attacks and data leaks are rarely out of the headlines. A proactive data management solution is needed, not a reactive one, if businesses are ever going to escape this.
A technology designed for the reality of their jobs is what is desperately needed. Technologies that are just as decentralised as the data they are trying to protect. For example, distributed ledger technology (DLT) allows businesses to retain control of their data when securely shared internally or externally, providing access to individuals or groups based on their credentials. This architecture creates a fabric of trust for secure data collaboration—both between employees within an enterprise (intra-enterprise) and between enterprises and partnerships (inter-enterprise).
DLT technology adds a much needed and unprecedented infrastructure layer of data access and security while eliminating the threat of a data breach. This technology can be applied to solve many challenges HR and payroll professionals face today, by allowing businesses to retain control of their data, even when it is shared beyond the perimeters of its network. It ensures that the system (and the data contained within) is near impossible to tamper with or corrupt as it creates a single version of the data, and it can ensure contextual access to PII, so that data can only be accessed by people authorised to view it and only in the context of the relevant fields of information required to complete a business process, no longer limiting business agility.
Data security and compliance will always be a critical element for HR and payroll professionals. With the amount of data being generated today, ensuring security and trust across a business, especially within the HR and payroll department, not only mitigates threats of a data breach but it also increases service efficiencies. Businesses can truly transform the way they work with personnel data, and HR and payroll can be at the heart of it.