HR Technology: Ensuring Privacy, Security, and Confidentiality

Regardless of what software and hosting they use, all HR leaders share one thing in common: They want to be sure their HR applications can deliver three mission-critical objectives — privacy, security, and confidentiality.

In HR case management, here’s how those three important objectives are defined and achieved:

  1. Confidentiality — Cases are accessible depending on their category or type of case and on rules set up by the organization. Confidentiality is meant to protect the case because of its assumed sensitivity or for legal reasons, and also to protect the identity of the employee and others involved. Examples include claims of sexual harassment, employee theft, and complaints about managers.
  2. Privacy — Cases are accessible only by authorized users based on the type of case and, largely, on the desires of the employee. For example, an employee may have a general HR question and want the response to be kept private. HR may not consider the topic one that demands confidentiality. LBi HR HelpDesk ensures privacy between the employee and HR by letting employees determine how they receive their responses during the handling of their case — email, in-person or directly by phone, for example.
  3. Security — Security is all about protecting data and information, and it’s delivered in various ways:
    • LBi HR HelpDesk Enterprise, for example, uses a single-tenant model hosted on its dedicated server option, which includes a dedicated hardware firewall. In our SaaS multi-tenant model (Pro and ProPlus), the data is stored in separate schemas divided by client so that “records are not co-mingled”.
    • Data is “encrypted at rest” to increase security. Data at rest is any data that’s not moving over a network or temporarily residing in computer memory to be read or updated (an HR case form that an employee has downloaded, for example). With data encrypted at rest, password-based access is required if the server is ever unplugged and rebooted, or if it is accessed by an unauthorized user.
    • Key PII (personally identifiable information) data fields such as Social Security Number or Bank Account info are further encrypted at the field level.
    • LBi HR HelpDesk Enterprise hosting offers “intrusion detection” at the server level that’s physically monitored around the clock.
    • The LBi HR HelpDesk application, like all our applications, is designed and developed using the secure coding principles from the Open Web Application Security Project (OWASP).

No matter where you host this data and application (dedicated server, on-premises or in the cloud), the three principles above apply. Whether your data is in the cloud or on your company’s server, you need to make sure it is secure.
