Digital Transformation of Human Resources and the Data Protection Risks

In recent years, there has been an explosion of interest in digital technologies for human resources. Human Resource (HR) is an essential function of any organisation. Many organisations have turned toward using digital tools as part of their performance management, recruitment processes, learning management systems and even workforce analytics. Some examples include online applications, video interviews, virtual reality assessments, and so forth.

To understand why these changes occurred, we need to look at how they fit into broader trends that were taking place across different sectors. For example, the rise of big data analytics meant that companies could collect more information about employees and digital recruitment processes are more prevalent with rapid digitalisation.

What's Next in Human Resources and Data Privacy

Data privacy and security for the HR Suite includes tools such as human resources software, talent acquisition systems, performance management tools, compensation planning solutions, succession planning tools, recruiting technology, applicant tracking systems, workforce analytics, learning management systems, recruitment marketing automation platforms, social media monitoring and engagement products, and much more.

These technologies aid in the productivity of organisations’ work processes, including helping them manage people better, recruit new hires faster, develop effective leadership teams, improve productivity, and engage customers through online channels. But just like any tool, if misused, HR suites can pose risks to individuals' privacy and safety.

How does electronic data storage make employee privacy a lot more complicated?

Even though HR technologies can improve employee productivity and allow them to complete work more accurately and efficiently, employees may wonder, “How secure is my data with the HR department?”. It is no wonder that this thought might have come across in the employee’s mind as the information that they provide include their national identity documents, birth date, previous employment records, medical history, financial information i.e., bank account details, etc.

The organisation must therefore implement control measures and a robust data protection management programme (DPMP) to manage and protect the data. Data is widely stored on cloud servers these days, so it is important that a secure network is in place, as well as control measures to protect the data that the organisation has. Organisations must also establish protocols and practices to permit only authorised HR employees to access employee data when it comes to electronic data storage and digital files. Furthermore, the retention period of the employees' data is an important consideration, as is conducting due diligence on third-party vendors if the organisation utilises a third-party platform for payroll or other HR-related functions.

In the following case study, the leak of personal data of job applicants by a company, Larsen & Toubro Infotech, led to a fine from the Personal Data Protection Commission (PDPC).

Case Study: Larsen & Toubro Infotech

Source from PDPC: www.pdpc.gov.sg/all-commissions-decisions/2021/06/breach-of-the-protection-and-consent-obligation-by-larsen-toubro-infotech

According to the Personal Data Protection Commission (PDPC)’s investigation - between 2016 to 2020, there were 13 past job applicants’ forms that were disclosed by 10 Larsen & Toubro Infotech employees to 74 other job applicants. As a