Mitigating Big Data Security Risks: An HR Perspective
This article was updated on July 25, 2018.
Many organizations are now embracing the curation of big data to enable strategic decisions based on statistical fact rather than intuition — and that includes HR decisions. Because big data could be a big part of HR departments for years to come, the challenge for HR leaders extends well beyond data analysis and interpretation. You must also be vigilant to minimize big data security risks, which could expose your organization's sensitive or confidential information.
When organizations collect big data, they are often curating private information about employees, some of which could expose them to civil rights and bias lawsuits. The Ponemon Institute found that 45 percent of organizations surveyed had experienced at least one data breach in the previous 24 months. It is vital that the CHRO engages with the CIO and CFO to revise systems, policies and processes to mitigate risk and ensure big data security.
Dos and Don'ts
Fundamentally, big data security involves establishing robust policies and procedures to control how users access your big data. That includes creating restrictions that limit user permissions based on their role, keeping organized logs of user activity and auditing your systems regularly to verify that there have been no breaches. You should also determine which data sets should be protected by an encryption key.
Think about where your cloud-based system is hosted. Essentially, you need to know where the data is being stored, who has access to it and how it is tracked, particularly in order to respond to Freedom of Information requests and meet Affordable Care Act (ACA) requirements.
Assess all of your organization's data sources and their vulnerabilities to minimize the potential for inaccurate or fraudulent data.
Review all existing or new contracts (internally and externally) and incorporate the parameters of how you wish to use any data and what restrictions are in place.
Don't collect and store any more data than you need. Although it may seem contradictory, less is more when it comes to retaining data. The more data you have, the more your organization is at risk of a data breach.
Don't forget to scale. Address inevitable future growth in your current processes and systems. Data security should be customized for potential risks or threats pertinent to each organization, so employing a scalable, analytics-based tool will provide the flexibility to change as the business evolves.
Consider cyber liability insurance coverage as another tool available to manage risks associated with data. With it you can, for example, pay the expenses associated with identifying who must be notified of a breach and providing required notices.
HR is pivotal in setting the boundaries and structure, but employees are a vital part of the security process, as well. So HR should take responsibility for educating them. That involves mapping out the correlation between the requirements of each area and the potential security breaches, first and foremost.
It also includes assessing the vulnerability of sensitive corporate data on employee smartphones versus the need for workplace flexibility and productivity, and aligning data usage policies accordingly. Additionally, an organization's supply chain information security policies should be appraised to ensure the protection of intellectual property.
Once a risk management audit is completed, robust policies and procedures should be in place, communicated regularly to all employees and continually reinforced so that every member of your organization truly understands the critical nature of those measures.
The requirements for maintaining big data security are complex and change rapidly. With a clear organizational framework, regular training and standardized compliance audits, you can mitigate future risk.