Data Breach

Privacy is a Global Issue

by
bestfoto77/Shutterstock

The world is getting smaller. This oft-used statement is made in relation to the impact of technology on our lives from a global perspective. It is supposed to signify the advances that have been made that allow us to have ‘real-time’ communications with each other at any time, and from almost anywhere in the world. If you’re in Canada, and have the right access codes, you can send a text message to someone in India and expect to have an almost immediate response. You can order your living room furniture directly from a Swedish manufacturer without leaving your house and enjoying the in-store meatballs. All of this can be done on a computer with a few clicks.

It goes without saying that the world is as big as it ever was. What has changed is our ability to access and share information on a global stage. It is from this perspective that we begin to see how our access to information is being shaped and directed by differing views on data protection and privacy.

In May of 2018, the European Union implemented the EU General Data Protection Regulation (GDPR). This legislation imposes accountability and responsibility on organizations that do business around the world, with particular focus on the protection of private information based on electronic and personal data.

This legislation has significant implications on Canadian businesses as it requires proactive measures to be put into place when there is a potential privacy data breach.

Click here to read about mandatory data breach reporting for Canadian companies.

The Society for Human Resource Management (SHRM) has provided a guide that outlines eight critical elements that the human resources function must have in place to be in compliance with the legislation.

Click here to read the SHRM article.

As noted in both articles, the GDPR impacts strategic international human resources management directly. If the Human Resources function was not actively engaged in data protection prior to the implementation of the GDPR, the legislation changes that business-level approach as well. It is the role of the Human Resources function to ensure that employee data protection rights, organizational data accountability structures, and data breach reporting requirements are all prioritized.

Once again, we see the ever-increasing need for a pro-active and visible Human Resources presence that must find its place on the shrinking global stage.

 

Discussion Questions:

  1. From an HR perspective, what constitutes a data breach?
  2. How will the European privacy legislation impact global businesses and the Human Resources function?
  3. What should Canadian multi-national companies put into place to ensure the privacy and protection of employee data?
  4. What are possible remedies for privacy or data breaches that happen outside of Canadian business jurisdictions?

Ethics & HR

by
Allexxandar/Shutterstock

For Human Resources professionals in Ontario, our practices as members are regulated through the Human Resources Professionals Association (HRPA). As posted on the HRPA website, ‘the overarching objective of HRPA’s regulatory function is to protect the public by ensuring that human resources professionals in Ontario are competent and act in an ethical manner’. [1]

Certified members of the HRPA in Ontario must abide by the ‘Rules of Professional Conduct’ which clearly articulate the ethical requirement for the profession in Chapter 3 of this document.

Click here to access the HRPA’s Rules of Professional Conduct.

In the wake of much-publicized employee and individual data breaches, such as the Cambridge Analytica scandal, it seems that the need for ethical regulation is more critical for the profession than ever. We live and work in a world that is virtual. Our work-world is based in digital technology, which allows access to data that is linked to each one of us personally. In this technological environment, according to a recent publication, there are no ethical boundaries that frame or guide how our individual data can be stored, used, and manipulated by others in the workplace.

Click here to read the article.

While the Cambridge Analytica data breach and similar events have resulted in the introduction of increased privacy legislation in several countries, there remains an absence of ‘techno-ethics’ within the virtual workplace. Ethical conduct goes beyond simple compliance with laws and regulations. It speaks to a component of human behaviour that calls upon individual honesty, integrity, and personal accountability to care for our fellow human beings, and their personal data.

For the HR professional, our ethical responsibilities to the profession are in place. It is time to transfer these professional responsibilities into the virtual world to ensure that ethical conduct provides real protection for individuals and organizations alike.

Discussion Questions:

  1. As an HR practitioner, outline an ethics policy which focuses on the protection of employee data.
  2. What types of employee data should be protected? When and how should employee data be shared?
  3. How do you want your personal demographic data to be stored?
  4. What is the HR practitioner’s role when employee data protections are breached?

[1] https://www.hrpa.ca/professionalregulation_/Pages/Professional-Conduct.aspx