Almost every business stores large amounts of data on its personnel and puts measures in place to protect that data, limiting access to a few authorized officials. A breach of such data could encourage fraud or identity theft, or play havoc in other ways should the information be misused. Employers also have a duty to protect their employees’ privacy or face legal consequences.
We keep hearing of businesses, including banks, suffering malware attacks that expose their customers’ sensitive personal data. The hack into Home Depot’s systems leaked more than 56 million credit and debit card accounts and, at last count, cost a whopping $62 million in damage control. Before that, Gmail accounts were found to have been hacked, and hospitals have found their medical information purveyed to third parties by employees. Perhaps the most alarming of all is the recent theft of sensitive personal information pertaining to federal employees held by the Office of Personnel Management (OPM). Initially estimated to involve the data of 4.2 million individuals, this breach assumed mammoth proportions when it was revealed that the data of roughly 21.5 million people, within and outside the government, was compromised. These people applied for government jobs, federal contracts and partnerships with federal contractors. While 19.7 million of these were people who filed for security clearance, dating back to the year 2000, the remaining 1.8 million were their partners and spouses. In all, the data breach affects 7% of all Americans and includes their Social Security Numbers. We can now add potential targeted terrorist acts against American federal workers to our growing list of online security concerns.
The hacking of data could expose financial information, medical history, Social Security numbers, driver’s license numbers, and online identification data, which could in turn expose one’s usernames and passwords for other resources. When companies allow their data to be hacked by not setting up the required levels of security, it could affect their employees, customers, vendors and clients. When an employee record base is breached, the employer has to inform all current employees as well as former employees whose data is still retained by the system. However, while increasing their focus on protecting employee data, many companies neglect the temporary workers who often comprise a large segment of their total worker base.
Temporary worker data is typically held in a Vendor Management System (VMS), Applicant Tracking System (ATS), and in the client company’s back office financial systems. The financial system, a critical component of every company’s infrastructure, is a main focus of protection for most companies today. But what about the VMS? These systems contain information about current and former workers. They include background information, resumes, contact information, assignment specifics, and other private details. In the event of a breach, the injured parties and their attorneys will hold the VMS provider and client company jointly responsible.
When considering the security of information stored in a VMS system, some actions are mandatory:
It must be noted that no database linked to the internet is truly secure. Sensitive and classified information is always at risk, but the risk can be significantly mitigated by setting a high level of security around the data, with the necessary authorizations and cross checks.
For a private employer, a data breach would not only result in damages and penalties but also damage the reputation of the business and lay it open to highly public procedures involving Government investigations and findings. In our next post, let us look at the steps a private employer needs to take in the event of a data breach.