With duties like employee onboarding, training, performance reviews, and payroll, human resources (HR) departments are the processing plant for sensitive information.
HR is the keeper of medical information, workplace grievances, social security numbers, compensation information, probationary notices, and other private matters. A security breach in HR can have major consequences for an individual or company; thus, it’s important to take steps to protect this department.
This insight piece will explore key information security challenges that exist in HR, as well as technology solutions for addressing these challenges.
Paper is vulnerable
Paper documents are inherently vulnerable to security threats. Paper is easily duplicated at a multifunction printer (MFP), or misfiled. Print jobs can be forgotten, meaning an important document may end up sitting on a printer for anyone to take.
Paper trails are difficult to track. For example, if a copy is made and sent in an envelope, there may be no proof this took place. Furthermore, paper files are difficult to maintain. Records containing hardcopy information must be adequately locked away, archived, and disposed of in order to maintain security.
Many companies spend money on secure archives or third-party paper shredders, when eliminating paper could create greater savings and security. And though digital information can be protected in a variety of ways, Keypoint Intelligence/InfoTrends has found that only 22% of HR representatives report keeping an electronic record for employees.
Personal records are subject to regulation
Human resources is also tasked with ensuring that an organization is compliant with a number of government regulations. The personal health information from insurance forms or medical leave documents, for example, is protected by the Health Insurance Portability and Accountability Act (HIPAA).
The Department of Labor, meanwhile, imposes and manages over 180 federal laws that pertain to the workplace. Included in this list is workers’ compensation, the Family and Medical Leave Act (FMLA), and union regulations. As issues tied to these statutes arise, strict paperwork protocols must be followed.
For instance, consider the simple U.S. I-9 form. Each person on payroll must have a completed I-9; these forms must be kept for a period of time. To calculate the necessary retention time, one must identify a date three years from the start date of work, or add one year from the date terminated (whichever date is later).
These forms must also be stored in such a way that they can be accessed within three days (if the government requests them), and inspected if needed. That’s fairly complicated; it’s just one of the many forms that human resources deals with on a consistent basis.
Technologies that minimize security risk
New technology can protect HR information in various ways. Scan, capture, and workflow solutions, for instance, can help HP move away from paper and its associated risks. A blank form can be fed into an MFP; using optical character recognition (OCR) technology, it can be turned into a fillable PDF.
Employees can then access the form from a cloud repository or server, and fill it out directly from their computer. If paper can’t be completely eliminated, paper documents could be scanned and then shredded.
Organizations could also implement a document management solution. This digital tool tracks all access to records, helping to reduce the risk of security breaches. A document management solution ensures no one is accessing records without the correct permissions.
Document management solutions also make it easier to find information. One can simply search any number of highly unique fields, such as social security numbers, dates, or employee IDs, to find relevant forms instantly.
- Paper is vulnerable to security breaches.
- Human resources is subject to many compliance regulations, including those that regulate the retention and storing of documents.
- Office solutions can improve security and compliance.