HR’s Growing Role in Data Privacy & Protection
Insights and Advice from an Empyrean Expert
The role of our HR and benefits leaders continues to evolve and expand, and now our human resources teams are at the forefront of the battle to ensure both company and employee data remain protected and secure in our increasingly digitized world.
Gone are the days when only certain subgroups of an employee population relied on technology to perform their jobs. Today, nearly every American worker touches technology in some form on a daily basis, putting an increasing burden on HR teams to manage and train our evolving workforce on the best practices for ensuring data protection and security.
HR professionals are tasked with ensuring that employees follow IT and security policies and protocols to protect not only the company they work for and the customers they serve, but also themselves. Following the trend of supporting total employee health and wellness, more and more employers are offering identity theft protection as a voluntary benefit. However, an analysis of Empyrean’s enrollment data shows that only 13.8% of those employees offered the benefit enroll.
While we may tend to focus on highly publicized and widespread security and data breaches impacting huge numbers of consumers, a study conducted by the Ponemon Institute found that just eight percent of all data breaches are caused by external cyber-attacks. Instead, the overwhelming majority of data breaches are caused by human error.
While experts recognize that it is a huge undertaking, they caution that HR professionals need to partner with IT to concentrate efforts on building a workplace culture where all employees are playing an active role in keeping data safe and secure, including instilling a sense of accountability across teams to ensure that data security needs are a priority.
In recognition of Data Privacy Day, we sat down with our Senior Security Analyst, Joel Tristani, to discuss the importance of data privacy and protection, including how we protect our own client data here at Empyrean.
Let’s start with the basics. Why is data privacy so crucial, and what should employees and organizations know about it?
Organizations are entrusted with handling personal data, and must take all necessary precautions to ensure it remains protected while in their care, including while it is being stored, processed, or is in transit to another authorized party.
There are many reasons why an employee might want to keep data about their identity, health, finances, or other matters private, and it is every person’s right to decide who has access to their personal data, and how it should and should not be used.
How can employers help employees safeguard data privacy?
There are a myriad of ways that employers can support safe and effective cyber hygiene. At Empyrean, we provide security awareness training to all of our employees, which includes important tips and tricks on how to look out for various red flags when using email, browsing websites, and operating computers and other devices.
We encourage all employers to ensure their employees are equipped with the proper tools, resources, and guides to help them handle their own data, and their clients’ data, in the safest, most secure way possible.
How does Empyrean protect our own client data?
At Empyrean, the protection of client data is a top priority.
Client data is always encrypted while at rest within our systems and during transfer in from a client or out to an authorized partner. In addition, before it’s transferred through an encrypted pathway, data is further encrypted at the file level to ensure that only the owner of that data can decrypt and access it, even after it reaches its final destination.
Access to client data while in our care is limited to only the client team members that require access in order to service the account. Beyond secure data handling practices, we maintain a robust security control environment and multi-layered defense strategy to ensure the confidentiality, integrity, and availability of our own and our clients’ information assets.
What’s your best advice for everyday data privacy protection?
A quick tip for everyday data privacy protection is to enable multi-factor or two-factor authentication for bank, insurance, and other websites that store your personal data.
And please – I cannot stress this enough – do not re-use passwords! If one of your accounts is compromised, all of your accounts with the same email and password combination will also be at risk. Multi/two-factor authentication mitigates this to some extent, but your best bet is to create different, strong passwords that will help protect you against cyber threats. Establish your own multi-layered defense, and don’t be afraid to ask questions.
Whether you’re an employee trying to protect your own personal data, or an organization safeguarding client information, everyone has a responsibility to ensure sensitive data is sent, stored, used, and viewed safely and appropriately.
About Joel Tristani, Senior Security Analyst at Empyrean
Joel joined the Empyrean team in 2021, and plays a pivotal role as a member of the organization’s IT and security teams. His decades-long IT career includes time spent at corporations like Widespread Technologies and BCI, as well as time spent at municipalities and within the private consulting space.
Joel earned a B.S. from Hodges University, as well as an M.S. in Cybersecurity from DePaul University. He resides in Tucson, Arizona.