With the news that a data firm was given access to the personal information of 87 million Facebook users, the ramifications were widely felt. For many, this was a wakeup call about how easily social data can be accessed without their consent. While back in the early 2000s, people were afraid to put information online, now the average person has become accustomed to regularly giving up their personal data without a lot of thought. However, Cambridge Analytica-gate may be the beginning of a different way of thinking about personal data on a large scale.
So, what does this mean for companies that sit on huge amounts of employee information?
A data-informed strategy to HR and benefits has become increasingly important as employees have started to expect that their organizations should understand them and provide the kind of tailored experiences that they are accustomed to experiencing as consumers. Indeed, companies are now treating their employees like internal consumers – collecting data insights from them with the aim of improving employee engagement and retention strategies.
However, even as the industry frequently discusses how data and technology can improve outcomes and transform HR, how often do we dedicate time to making sure that the potential of all this data is harnessed in the right way? By setting and enforcing standards, taking action to tie up loose ends, and letting your values guide you, companies can make sure HR data lives up to its original promise without risking a Cambridge Analytica moment.
Set and enforce security standards
Later this month, a landmark regulation in the European Union, the General Data Protection Regulation (GDPR), will go into effect. Non-compliance will prove costly, so companies across Europe have been highly incentivized to gear up to more stringently protect the personal data and privacy of their employees. Global US companies who operate in Europe will be meeting these standards – 68% of U.S.-based companies with more than 250 employees expect to spend $1 million to $10 million to meet GDPR requirements – but the majority of US companies will still need to determine internally how to best protect data since the US does not currently have a similar regulation.
As a result, companies should establish their own detailed and thorough policies about how and when employee data is used, along with who at the company has access to what data. For example, some confidential HR data should not be available to IT in all cases. Once you have written or updated your policies, the HR and benefits team should distribute this company-wide with brief, clear explanations about not only the policies themselves, but also explaining how the company uses data to benefit its employees. For instance, if a company’s benefits platform will send out a push notification with information about adding a spouse to their health care plan after a recent wedding, employees should be reminded of this as a reassurance that the company is looking out for their best interests and using their data in ways that will benefit them individually.
Review apps and your providers
Policies alone can’t protect data. It’s important to also dig in and start data mapping to identify each and every app and service that interacts with personal data about a company’s employees. By doing this, you can identify any security gaps and begin to question your third-party providers more closely about how they protect data. Do your HR and benefits technology platform providers give you the reassurance you need over data security? This is an essential conversation to be having with your company’s technology providers.
While you’re considering security, don’t forget to factor in non-technology related issues that might crop up. Although technology breaches are a serious concern, some companies are also still leaving employee data like social security numbers vulnerable via manual-based reporting documents. Outdated HR processes like Excel spreadsheets aren’t encrypted and are at high risk for unauthorized access due to widespread sharing internally and externally, with this personal information sometimes even being added as an attachment that’s sent to multiple providers in different countries via email.
How you use the data matters
Employee data has the potential to be misused, so it’s important to live out the values that attracted your employees to your business in the first place. When determining your internal security standards and the types of providers that you’ll work with, a company’s values are often the best guide for steering the executive and IT teams toward being good stewards of employee data. Company conduct with data should always point back to supporting an employee’s best outcomes. What will benefit the employee in the long-term and make them feel supported and valued by the company?
Things like education about 401ks and employee matches as well as targeted employee communications and reminders about signing up for health care or a wellness benefit go a long way toward making an employee feel well cared for by their HR team and the company. When employers use data to frequently drive communication with their employees (at least four or five different occasions throughout the year), 95% of employees say that they are proud to work for their company and 90% would recommend their employer to a friend.
Ultimately, the possibilities presented by benefits and HR data are nearly endless, but how a company protects and uses this sensitive employee information can be make or break for data’s promise in transforming HR.