3 privacy ‘musts’ for securing employee data — Business Management Daily: Free Reports on Human Resources, Employment Law, Office Management, Office Communication, Office Technology and Small Business Tax Business Management Daily

Issue: You're responsible for securing sensitive employee information.

Benefits: Privacy measures and policies protect employees from identity theft and privacy invasion.

Actions: Refine your privacy policy, institute a proper employee-records system and enact Social Security number security.

How safe is your employees' personal information? Between the growing threat of identity theft and new obligations such as those under the Health Information Portability and Accountability Act (HIPAA), it's up to you to protect employees' privacy.

Personnel Records: What to Keep, What to Toss

Here are three ways to upgrade your privacy requirements:

1. Draft a privacy policy that describes the types of information your managers can and can't collect from employees under state and federal law. Clarify how you will protect records, who can access them and how you will dispose of obsolete information. Include a process for employees to alert you to privacy violations and problems.

2. Maintain employee records properly. Managers should have access to employees' job and performance information but not to medical records, Social Security numbers or other personal data.

That's why you should keep personal information separate from employment and performance data. Store HR records in a controlled area that's accessible to only those few people, HR personnel, for example, who need them. Follow HIPAA regulations for verifying that service vendors are securely storing and transmitting sensitive employee information.

Finally, at least once a year, re-evaluate your trash-management procedures to make sure that confidential information can't inadvertently wind up in the wrong hands.

What do airtight personnel records look like? Take a look right now...
3. Safeguard Social Security numbers. The top source of identity fraud these days results from the theft or misuse of employee records. Avoid using SSNs on insurance cards, paycheck stubs, staff badges, time sheets and parking permits. Instead, use randomly assigned numbers. Finally, make sure to encrypt SSNs when transmitting payroll or benefits data.
The minute you go to work with Personnel Records: What to Keep, What to Toss, you eliminate all that dangerous guesswork, including:
    book cover
  • Exactly how long to retain job applications, résumés, job descriptions, disciplinary letters, attendance records, leave requests, medical-related data, employment agreements, payroll records, salary information, benefits information and more
  • How electronic storage requirements differ from paper requirements – and how to comply with both sets – without going nuts
  • Which documents need to be maintained in separate files – and why
  • How to handle medical records, and who should – and should not – have access to those files
  • How to create documentation for performance reviews, investigations and discipline so they stave off lawsuits and stand up in court
  • Best practices for destroying records – safely

Leave a Comment