HR Policies To Ensure Data Protection

Posted  June 28, 2019  by  Jenny Green


The Human Resource (HR) team is arguably the backbone of any organisation, given their responsibility in various business operations such as strategic management, payroll matters and the recruitment and hiring process.
 
What many don’t realise is that on a daily basis, the HR team also handles most of the organisation’s internal processes, procedures and sensitive information such as employees’ personal data. This data can range from NRIC numbers, residential addresses, personal email addresses to mobile numbers - making them a target for data thieves and data mongers.
 
Doing it right the first time
 
If data falls into the wrong hands, organisations could suffer the consequences of a data breach, including business fraud, which can cause both reputational damage and monetary loss. Hence, it is crucial for organisations to put in place policies to ensure data security, such as:
  • Obtaining consent from employees for collection, use and disclosure of data
An individual’s data is a unique identifier and can reveal much about a person. The organisation should always seek consent from employees or candidates when collecting, using or disclosing their data.
  • Safely securing physical documents in locked cabinets
If the data is available in hardcopy, organising and locking it in a cabinet can ensure that the data is never within reach by unauthorised individuals. Likewise, digital data should be stored in encrypted devices to avoid prying eyes.
  • Disposal of all unused physical documents and hard disk drives
Unused or old physical documents should be regularly disposed of through secure shredding. The PDPC also recommends that organisations discard unwanted hard disk drives through shredding as shredded materials are nearly impossible to be reconstructed by data mongers.
  • Regular spring cleaning and internal risk assessments
‘Cleaning’ and organising your database can assist in ensuring that no unused information is retained unnecessarily. Regular internal risk assessments should also be conducted in order to identify any possible areas that may pose a security problem. Employees are also encouraged to practice a Clean Desk Policy and a Shred-it All Policy to make sure there is no confidential data left lying around, and all documents are securely destroyed on a regular basis.

In addition to these policies, organisations are also encouraged to appoint a Data Protection Officer (DPO) to work closely with the HR team and review data protection regulations within the organisation.
 
It is always best to keep your organisation safe and prevent a data breach at all costs. A solid data protection process is important, and it is the responsibility of everyone in the organisation to ensure secure protection of all sensitive data to remain compliant with the privacy watchdogs.
 
Start Protecting Your Business
 
An organisation that integrates data protection into its business processes can help reduce the risk of a data breach and non-compliance to the PDPA. Learn more about how Shred-it can protect your documents and hard-drives by contacting us.
 

Request a Quote and Start Protecting Your Business Today!

Fill out the form or call 6787 7777 to start protecting your business today! 

Select Service




Company info

Your info

Additional Info

×