Human Resource professionals believe in privacy. We don't share salaries or performance ratings (unless it’s part of our company policy to do so). When someone comes to complain about a perceived injustice, we conduct our investigations with the utmost care. When we coach a manager on how to handle a difficult employee, we do so behind closed doors so that only those who truly need to know, know. Privacy is a hallmark of good HR.
In an effort to be efficient, though, we've made everything electronic. Yes, this is convenient and makes it possible to review everything from an employee's pay history to their performance reviews with one click or toggle. However, it also means that protecting employee privacy has become a lot harder.
In the old days, we did paper — and lots of it. Violating employee privacy was possible in only a few ways — if we left something at the copier, or accidentally set a file down in the office kitchen, for example. Now? Well, take the case of a poor former co-worker who accidentally sent a detailed rejection email to everyone in the building rather than just to the internal candidate. For hours, people were hitting reply-all saying, "Why am I getting this?" and then those responses started to morph into, "For all this embarrassment, you should just give the guy the job anyway."
The problem with this type of privacy breach is that no policy could stop it. The recruiter made a mistake. Email makes the exchange of information easy, but it also makes quick, inappropriate distribution easy.
Privacy problems aren't limited to HR departments either. It's so easy to share information with the world today. What’s more, this sharing of information is a huge part of our current culture. Often people don't think twice before posting to Twitter. Take, for instance, the hospital employee who tweeted the name of a celebrity couple's new baby — before the couple had announced it. While most HR privacy issues are covered by custom and ethics alone, releasing patient information falls under federal law.
The reality is, you need policies and procedures in place for all of your company data and employee social media behavior. The National Labor Relations Board isn't making social media policies easy, though. In a recent case, the NLRB held that a social media policy which prohibited blogging or sharing "confidential or proprietary information about the Company, or ... inappropriate discussions about the company, management, and/or co-workers" in social media was invalid because it implied that employees couldn't engage in protected activity, such as discussing wages or working conditions.
See how complicated it can be to comply with the law when we're talking about keeping company information private? Remember to differentiate between company secrets, such as marketing plans, and "secrets" like how much money people make and what they think of their bosses. Additionally, don't think that just because the NLRB was originally founded to deal with unions, it doesn't apply to your non-union company. It has jurisdiction over just about everyone — your business included.
The biggest mistake a company can make when it comes to privacy issues in the Internet age is to ignore them until something bad happens. Legal hassles can be a nightmare, but a public relations disaster can be worse. For instance, employees at a car dealership in Westport, Massachusetts treated a pizza delivery person horribly, thought it was hilarious, and posted the security camera video on YouTube. The rest of the Internet did not find it funny, however, and came out strongly against the company. I doubt anyone ever thought to prohibit posting security camera footage on the Internet — but the backlash can be severe.
You need a good policy. You need to be extra aware of security controls on your internal data. Otherwise, you can have angry employees, an embarrassed company, or lawyers knocking at your door.