Overview: One component of a risk management plan is protection of data. Every employer manages sensitive employer data. Whether it is client lists, future plans or other trade secrets makes little difference: employers should do everything in their power to protect this information from theft.
Data could be stolen from an inside source (such as an employee) or an outside source (such as a hacker). Employers should do their utmost to protect against both scenarios. From an HR perspective, there are employee concerns from both angles. The first, more obviously, relates to any data that the employer wants to protect from the employee - e.g., trade secrets. The second relates to data stolen that contains employee information.
HR, along with IT and any other relevant work group, need to create security guards that will both stop employees from stealing data and stop any unauthorized person from accessing employee information. Policies and employment agreements might help with some employee-related theft, whereas stronger password protections and spamming technology, along with greater employee education, are some ways to begin with the latter.
Trends: Bring your own device (BYOD) policies are growing and more and more employers are having employees bring in their own laptops, etc., in place of supplying employees with these devices. While there are many benefits to this type of service, there are also some security pitfalls regarding theft of data as the computers are often less secure, and it is harder to remove the data from the computer at the end of employment.
Author: Ashley Shaw, JD, Legal Editor
HR guidance on safeguarding employer sensitive data against theft.