The HR dilemma: Balancing data access and analysis with security

When a data leak at Sony exposed the private information of more than 15,000 current and former employees—including social security numbers, birthdates, and home addresses—it cost the corporation $8 million in settlements. For many companies, the data breach served as a reminder of the risks they incur by holding employees’ personal information.

Organizations know a lot about their employees. In fact, your employer probably knows more about you than any other organization, says data protection lawyer Tim Wybitul. Today’s HR departments house a goldmine of employee information, such as: 

  • Compensation and job performance data
  • Personal contacts and work history
  • Employment eligibility documentation (copy of Social Security card, driver’s license, or passport)
  • Health insurance records 

“From turnover rates and workforce characteristics to payroll and employment history, never before have HR professionals had such unfettered access to personal information,” says DataInformed.

All that information can be incredibly useful for measuring performance, identifying skill gaps, and recruiting new talent—but using it comes with risks. Data thieves find employee data especially enticing (its value surpasses even that of credit cards), and a complex patchwork of federal and state laws places responsibility for protecting it squarely on the company’s head.

Balancing data security with the need for access and analysis is much harder than it sounds. Routine business processes often include passing sensitive information in unprotected spreadsheets, causing nearly a quarter of organizations to have had a data breach that stemmed from the mishandling of data in motion. This raises some big questions: Who in your company has access to personnel data? Who should? How can HR professionals collect and analyze employee data, especially data that exists across multiple systems? How can companies safeguard employees’ privacy without hindering HR productivity?

First, let’s look at some of the most common pain points HR professionals face when it comes to employee data access:

Employee data exists in multiple systems and can be difficult to analyze 

When employee data is scattered across an organization in different systems, it puts the company at risk. Many organizations don’t even know what data they have, let alone where it is.

“For an organization to really ensure privacy, the first thing it has to know is where its data resides,” says Jerrard Gaertner, co-founder of a data analytics, governance, and management services provider. “According to privacy legislation, you have to know where all this data is, as well as how each of these pieces of information is being processed and used in every instance of the organization.”

Furthermore, the lack of systems integration requires HR staff to gather employee information from multiple sources (often manually) and compile it into spreadsheets for analysis. For more than half of HR employees, the process takes several days or even weeks, and all that time the data sits unprotected outside of its core system.

Spreadsheets should not be the answer for employee data

Spreadsheets are one of the most common vehicles for data theft. As much as 25 percent of data stolen or lost internally is in the form of Microsoft Office documents. 

Every spreadsheet used to compile employee information opens a new point of vulnerability for your company’s data security. These types of documents can be useful for limited applications, but they’re a poor method for conducting sensitive business processes. For example:

  • Simple human errors can skew data.
  • Unprotected spreadsheets are often emailed to multiple contributors, reviewers, and approvers.
  • As spreadsheets and workbooks grow, they become increasingly fragile.
  • They lack control and security features.

“Spreadsheets are ideal for performing ad-hoc analyses and calculations with limited sets of data, but they should never be used as a database,” says administrative support expert Jodith Allen.

Protecting confidential data means controlling who has access to it

Developing strong data security policies and procedures can help prevent HR employees from accidentally exposing sensitive data. But even when an organization’s policies are clear, employees often fail to comply with them. 

A study on data privacy found that:

  • 87 percent of companies have employees who don’t notify anyone when a USB drive is lost.
  • 70 percent have employees who carry confidential business information when traveling.
  • 65 percent have employees who leave their computers unattended.
  • 69 percent of companies do not mandate a device password or key lock on personal devices. 

One of the most effective ways to protect confidential data is to restrict access to it and ensure it cannot be stored on an employee’s device. Confidential information should be available only to those who can’t do their jobs without it. That’s why eight in 10 companies place high importance on managing end-user data privileges and are seeking solutions that help them identify and deliver only necessary personal data to HR employees.

Solving the HR dilemma with micro apps

If the above pain points illustrate anything, it’s that data access, analysis, security, and daily operations can’t be treated as separate entities. Rather, they should work together to keep employee information safe and HR teams efficient. 

Some data security experts even estimate as much as half of all accidental data loss could be prevented with simple measures such as tightening operational practices. 

For starters, companies need an efficient way to gather data from all corners of their organization so it can be monitored, analyzed, and protected. That’s exactly what Sapho was designed to do.

Sapho aggregates data from every system within your company and surfaces the most important information and actionable insights it can find — without the need for unprotected spreadsheets. It then delivers the information to only those who need it via a personalized “feed” that does not allow data to be stored on the device, helping to minimize the risk of exposing private information. Here are a few examples of how other organizations are using Sapho micro apps to solve some of their HR challenges.

How many of your HR pain points could a Sapho micro app relieve?

Natalie Lambert is the Vice President of Marketing at Sapho. She joins from Citrix where she held multiple product marketing leadership positions. Before that, Natalie was a principal analyst at Forrester Research where she was the leading expert on end user computing.
