Digital Transformation of Human Resources and the Data Protection Risks

In recent years, there has been an explosion of interest in digital technologies for human resources. Human Resource (HR) is an essential function of any organisation. Many organisations have turned toward using digital tools as part of their performance management, recruitment processes, learning management systems and even workforce analytics. Some examples include online applications, video interviews, virtual reality assessments, and so forth.

To understand why these changes occurred, we need to look at how they fit into broader trends that were taking place across different sectors. For example, the rise of big data analytics meant that companies could collect more information about employees and digital recruitment processes are more prevalent with rapid digitalisation.

What's Next in Human Resources and Data Privacy

Data privacy and security for the HR Suite includes tools such as human resources software, talent acquisition systems, performance management tools, compensation planning solutions, succession planning tools, recruiting technology, applicant tracking systems, workforce analytics, learning management systems, recruitment marketing automation platforms, social media monitoring and engagement products, and much more.

These technologies aid in the productivity of organisations’ work processes, including helping them manage people better, recruit new hires faster, develop effective leadership teams, improve productivity, and engage customers through online channels. But just like any tool, if misused, HR suites can pose risks to individuals' privacy and safety.

How does electronic data storage make employee privacy a lot more complicated?

Even though HR technologies can improve employee productivity and allow them to complete work more accurately and efficiently, employees may wonder, “How secure is my data with the HR department?”. It is no wonder that this thought might have come across in the employee’s mind as the information that they provide include their national identity documents, birth date, previous employment records, medical history, financial information i.e., bank account details, etc.

The organisation must therefore implement control measures and a robust data protection management programme (DPMP) to manage and protect the data. Data is widely stored on cloud servers these days, so it is important that a secure network is in place, as well as control measures to protect the data that the organisation has. Organisations must also establish protocols and practices to permit only authorised HR employees to access employee data when it comes to electronic data storage and digital files. Furthermore, the retention period of the employees' data is an important consideration, as is conducting due diligence on third-party vendors if the organisation utilises a third-party platform for payroll or other HR-related functions.

In the following case study, the leak of personal data of job applicants by a company, Larsen & Toubro Infotech, led to a fine from the Personal Data Protection Commission (PDPC).

Case Study: Larsen & Toubro Infotech

Source from PDPC: www.pdpc.gov.sg/all-commissions-decisions/2021/06/breach-of-the-protection-and-consent-obligation-by-larsen-toubro-infotech

According to the Personal Data Protection Commission (PDPC)’s investigation - between 2016 to 2020, there were 13 past job applicants’ forms that were disclosed by 10 Larsen & Toubro Infotech employees to 74 other job applicants. As a result of failing to implement reasonable security measures to protect the personal data in their possession to prevent unauthorised disclosure of the personal data and for disclosing it without the job applicants’ consent, they were fined $7,000.

It illustrates the importance of implementing reasonable security measures and standard operating procedures (SOPs) to prevent unauthorised access to data. The organisation could have had another team member check before sending the emails out.

With the advent of digital technologies, organisations must ensure they are mindful of the data they possess, both internal and external, and ensure it is kept secure. Furthermore, organisations should also bear in mind that human error and negligence could contribute to data breaches.

To find out more about best practices for HR, check out our PDPA – A HR Perspective course. It also covers the 10 obligations of Singapore’s Personal Data Protection Act (PDPA) from a human resource lifecycle management perspective.