HR could use better PR. Say "human
resources" and some people think of Dunder Mifflin's
joy-deficient Toby Flenderson from "The Office."
But you know better and appreciate the job your HR team does to
keep your organization up and running. They're also a
critical line of defense between your company and the onslaught of
data thieves and scammers. The BCP Business Center has a special page to make their job a little

Why should HR be a part of your data security efforts?
Think about what's in their files and on their
computers: W2 forms, health records, insurance
information, and the like. High-profile hack attacks grab the
headlines, but consider the effect on morale if a lost laptop or
stolen folder compromises an employee's Social Security
number. As a longtime leader in information security, the FTC
has bread-and-butter resources to help companies develop data
security policies suited to their size and line of work. Protecting Personal Information: A Guide for
Business and the accompanying online tutorial is one place to start.

Of course, data security is every employee's job.
Whether it's the mail room staff knowing to send sensitive
paperwork by the safest method or the CEO who could use the
occasional reminder not to email a confidential memo over an
unsecured wireless network, everyone has a role to play —
including your HR department, which is often the contact point for
new hires. Work with them to incorporate data security into
your orientation program. Rather than starting from scratch,
check out our Privacy & Security page for materials you

If an employee has been the victim of identity theft, HR may be
the proverbial canary in the coal mine. Staffers may turn to
them if someone has used their health insurance to get treatment or
if a tax problem tips them off to ID theft trouble. Studies
suggest that people have to spend days — or months
— detangling the mess that fraudsters can make of their
lives. Your HR team can help employees get back on track by
referring them to the FTC's step-by-step guide, Taking Charge: What to Do if Your Identity
Has Been Stolen. Our ID Theft page offers sample letters and forms
to help pave the road to recovery.