A single issue with data mismanagement can dramatically affect an employee’s life both inside and outside work, and HR professionals report a worrying amount of mismanagement, according to a new study from BambooHR.
The survey indicated rampant disregard among HR professionals when it comes to data management:
- 45% of HR professionals say they or a colleague shared personal employee information with family or friends.
- 47% have been sent, or say a colleague has been sent, an employee’s personal information via cellphone and did not delete it from the device.
- 53% of HR pros or their colleagues have accessed employee information from a personal computer.
- 67% of employees have emailed or texted documents containing personal information during onboarding.
“I don’t think, in general, HR professionals take this as seriously as they should. Especially [considering] the amount of data that we process about our humans is massive,” Anita Grantham, BambooHR’s head of HR, told HR Brew.
Caring for employee data is an extension of caring for the employee, she said. Good data management practices are as important as a good health plan or wellness program, she added.
“I have access to all of your health insurance information…I know your pay history…I have a background check for you. I know your entire life. I could duplicate your entire life,” Graham said. “Why would I take that lightly?”
Almost all (95%) cybersecurity issues can be traced back to human error, according to the 2022 Global Risks Report from the World Economic Forum.
Quick-to-read HR news & insights
From recruiting and retention to company culture and the latest in HR tech, HR Brew delivers up-to-date industry news and tips to help HR pros stay nimble in today’s fast-changing business environment.
And the report comes as small and medium-size businesses are high on the target list for bad actors.
“Think about it, you’re a small business or small business owner, you’re focused on what you’re doing to make a living. You might have just enough employees to be dangerous,” Grantham said. “What feels completely harmless and like you’re being of service [can put] somebody completely at risk.”
Zoom out. In light of the report’s findings, Grantham said HR pros—especially those on small teams and one-person HR departments—should do three things immediately to address security woes.
First, audit. Take a look at what employee data your organization collects and figure out who has access to it. Second, cut ’em all off. You can build out permissions and access later.
“I took everybody out…anyone that could access employee data, I just deleted it,” Grantham said of her approach to protecting employee data when she joined BambooHR. “If somebody needs that [access], they’re going to come ask, and then I can assess from there.”
Finally, anyone with access is held to a higher standard, she said, because employee data should be protected at all costs.
Don’t be afraid to ask for help, she added, “especially in this area of something that’s so important.” She recommends consulting with IT or finance to make sure employee data is secured.