When we talk about data privacy in a business, the default is to generally think about the data the business has collected and compiled from its clientele. However, that’s just one type of data a business has. There’s also a lot of data that is collected by the business about that business’ employees. So, how well protected is this data?
If you don’t have an answer ready, you need to fix that.
…and there’s legal precedent to prove it. In Pennsylvania, the state’s Supreme Court ruled as much in Dittman v. UPMC, a class-action suit that was filed after the University of Pittsburgh Medical Center and UPMC McKeesport had data stolen after hackers accessed the medical center’s systems and stole a considerable chunk of data. This data involved personally identifiable information and financial details, and so the case was ruled in favor of the plaintiffs—the employees who had their data stolen. According to the employees’ case, the hackers used the data to illegally file tax returns, costing the Internal Revenue Service a significant sum.
As a result, the Pennsylvania Supreme Court established that “an employer has a legal duty to exercise reasonable care to safeguard its employees' sensitive personal information stored by the employer on an internet-accessible computer system.”
On a national scale, employees also have their privacy protected by the tenets of the Privacy Act of 1974.
Of course, we are not legal professionals, so none of this should be construed as legal advice. However, it is important to know that you are responsible for protecting the personal and private data that your employees have entrusted to you.
So, how can you do that?
Fortunately, protecting an employee’s privacy is a task that can be accomplished (or at the very least, supported) with a few technologies and policies that we regularly endorse:
If your business isn’t utilizing a secured, private Wi-Fi signal, you’re effectively inviting threats in. This kind of vulnerability could enable access to any device that connects to the wireless signal, potentially putting your data—including that which pertains to your employees—at risk. Securing your Wi-Fi signal and keeping it private helps to deter all kinds of threats to some degree.
While all of these safeguards ultimately help protect your business as well as its employees, this one, in particular, can help keep threats off your network by preventing your employees from visiting the sites that are likely to spread them. As an added bonus, you can filter out websites that would primarily be a waste of a team member’s time to visit.
A VPN is a great way to keep a potential cybercriminal from accessing any data you’re sharing over the Internet by hiding it in a layer of encryption. However, it also helps to shield a remote employee’s identity and location, boosting their privacy as a result.
Many threats that could potentially steal an employee’s information can be prevented through some basic safeguards, like antivirus protection and spam blocking. Ensuring these defenses are installed, activated, and maintained on any device used for work should be a top priority.
Here’s the thing—the less able someone other than an employee with permissions is to access certain network resources, the less you have to worry that someone else can access data they shouldn’t. Two-factor/multi-factor authentication (2FA/MFA) is a good option to help do so.
Finally, it’s important that we touch on the fact that, despite the employer having the advantage insofar as workplace privacy is concerned, there are limits that you need to be aware of. There are standards in place right now that dictate what employers must do to protect their employees’ data. Make sure you look into what applies to your business and see to it that these protections are in place.
We can help businesses accomplish all of this and more, boosting everything from your security to your productivity. Find out what else we can do for you by calling 561-795-2000.