Big data at big employers poses big challenges. The creative and innovative minds involved in Human Resource information system technology build up and fiercely guard their firewalls to protect your organization’s and your employees’ rights, records, and privacy.
Still, the public has witnessed the hacking of enough big security systems to doubt that absolute assurance. While criminals and other interests traffic in and profit from stolen or compromised information, HRIS providers have fully committed to owning the promise they make to security.
However, small and mid-size businesses are rarely positioned to match the effort invested by the HRIS vendor. They understandably trust their vendor to do the job. But, things are changing quickly in the workplace, and the business owes its end-user employees some extra concerted effort. HRIS security has no room for your complacency, and you have to be willing to share the burden.
Consider the difficulty
- Personal Devices present an increasing problem.
Smartphones are handheld computers. When your employees bring their own devices to work, they punch holes in your wall. Where you cannot prohibit personal devices without sacrificing productivity and culture, you have to balance what organizational data you want them to access. Employees have no need-to-know about any other employee’s personnel information. How you facilitate their access to their own info while shielding all other employees is one system problem. If your HRIS is linked to productivity reports, compensation structures, benefits administration, or performance assessment reporting, you must determine what the employee has the right-to-know. Managing these levels of privacy rights across a range of platforms presents challenges that you cannot leave entirely to your HRIS provider.
- Cloud computing needs a lot of study.
Few laypeople really get the cloud. It is basically a metaphor for storage technology beyond your practical grasp (and mine). It attracts users with its enormous capacity, extraordinary speed, and complex integration potential. Admittedly, most HR managers require assistance in determining their cloud needs, metrics for cost effectiveness, and installation capabilities. Optimizing involvement in the cloud is a lot more than worrying about back-up and recovery. It takes project management input because it is not a plug-in. Now, since you cannot easily touch your data, you face challenges in visualizing, communicating, and sharing the data while also maintaining your HR provenance.
- Multiple devices have a way of cross-breeding.
If you limit end-user access to data to proprietary components or work floor kiosks, you can exercise some control. If you permit a dynamic and fluid connectivity through multiple platforms from office, to field, to personal devices, you have another set of problems. Data accessed can be data shared if you do not manage its access and distribution. Some of this becomes a high risk policy issue. For example, operations management wants access to time and performance, employee evaluations and feedback tools, but you have to keep those same managers away from otherwise confidential information. Or, executive management may demand all employee information, but even their access to private medical records and the like may violate HIPAA regulations and more.
Share the burden
Reliable HRIS providers are confident in their products and work constantly to stay on top of their technology and ahead of negative attacks. You can rely on them to bear and share their responsibility. But, as the customer, you cannot walk away from your duty to understand, monitor, and manage.
Check with your HRIS provider as to whether they offer education and training in information security awareness. This could include privacy and security training, security control requirements, legal/regulatory/certificatory responsibilities, and generally accepted security procedures.