3 privacy ‘musts’ for securing employee data

Issue: You’re responsible for securing sensitive employee information.

Benefits: Privacy measures and policies protect employees from identity theft and privacy invasion.

Actions: Refine your privacy policy, institute a proper employee-records system and enact Social Security number security.

How safe is your employees’ personal information? Between the growing threat of identity theft and new obligations such as those under the Health Information Portability and Accountability Act (HIPAA), it’s up to you to protect employees’ privacy.

Here are three ways to upgrade your privacy requirements:

1. Draft a privacy policy that describes the types of information your managers can and can’t collect from employees under state and federal law. Clarify how you will protect records, who can access them and how you will dispose of obsolete information. Include a process for employees to alert you to privacy violations and problems.

2. Maintain employee records properly. Managers should have access to employees’ job and performance information but not to medical records, Social Security numbers or other personal data.

That’s why you should keep personal information separate from employment and performance data. Store HR records in a controlled area that’s accessible to only those few people, HR personnel, for example, who need them. Follow HIPAA regulations for verifying that service vendors are securely storing and transmitting sensitive employee information.

Finally, at least once a year, re-evaluate your trash-management procedures to make sure that confidential information can’t inadvertently wind up in the wrong hands.