Do you handle your employees’ personal data correctly?
27th June 2017
As an employer, it is your responsibility to comply with the Data Protection Act and ensure your employees’ data is protected. Human resources should take great care in the transmission and disposal of employee data.
In September 2016 Sports Direct were the victims of a cyber-attack that compromised the data of 30,000 employees. Not only were the hackers able to access the names, emails, addresses and telephone numbers of these employees, but the company also failed to inform its employees of the attack, leaving them unaware that their personal data had been compromised.
We would like to share with you our advice for handling personal data appropriately:
Employees do have the right to object to their employer holding or using their personal data if it causes them distress. It is your responsibility to take the appropriate action when handling your employees’ data and to comply with the Data Protection Act, both for their peace of mind and yours.
- Preparation is key – When handling your employees’ data, you need to prepare for the worst. Creating a plan of action for the event of a data breach will allow you to react quickly, preventing further damage to your reputation.
- Don’t display personal data where it can be seen – When transmitting personal data, do not discuss or display it in an environment where it can easily be overheard or seen.
- Encrypt all confidential information – You don’t want to make it easy for a data breach to expose your employees’ personal data. Encrypting confidential information protects sensitive data even if it is stolen, because an attacker cannot read it without the key.
- Keep your security software up to date – New malware is released continuously, so you need to make sure your security software is kept updated. If your business uses Microsoft Vista you are susceptible to cyber breaches, as Microsoft no longer releases security updates for that operating system. Now is the time to check that you are running an operating system that still receives regular security updates.
- Have you trained all members of staff? – Do your employees know they could be putting their own data at risk? Training all employees on the causes of data breaches will reduce the risk of their personal data being compromised. Training them to recognise phishing emails and to browse the internet safely will reduce the likelihood of their data being imperilled.
- Secure destruction of personal data (electronic and paper) – It is important not to keep data for longer than is necessary, unless there is a legal reason to retain it, e.g. a pending legal claim or employment tribunal. Otherwise personnel files should be deleted or securely shredded after 6 or 7 years.
- Unsuccessful candidates’ applications should be deleted – CVs and application forms should be deleted after 6 months. Copies of passports, driving licences and bank account details must be disposed of securely, using a reputable shredding company.
- Keep records of destroyed files – It is advisable to keep a record of the data you have destroyed, so that your organisation can demonstrate compliance with the new GDPR accountability principle.
If you would like more information on how to handle your employees’ data correctly, please don’t hesitate to contact us on 01673 885533 or email [email protected].