The Human Resources department collects a large amount of sensitive data from its employees.
The organization needs to collect HR data for a number of reasons, some include:
- Legal requirements: To prove that the organization is hiring at an equal opportunity standard, also, to ensure that and prove that any firing done by the company is done for the right reasons and is readily available to prove that.
- Supply management information: To make sure that decisions made regarding the manpower planning and Training are based on actual needs.
There are many types of data collected by HR, those types include:
- Training Needs Analysis (TNA) + Training records: Such records are kept to ensure no duplicate training is given to an employee; also, it helps in identifying the Learning & Development budget for the next year.
- Turnover data + hiring data: These records make it very easy to identify the manpower plan and budget for the upcoming year.
All these data are stored both as a soft copy (electronic) and hard copy (paper), the reason why we keep such records stored using these two methods are due to the benefits that they offer, which include:
- Soft Copy (Electronic):
- Easily Searchable.
- Non Hazardous.
- Easily shared.
- Backups are made frequently.
- Does not take space..
- Hard Copy (Paper):
- Government required documentation.
- Signed records.
- Available in case of blackouts.
There are numbers of legislation relating to record keeping, storage, and accessibility especially under the European law that must be followed, which includes:
- Data Protection Act: This act applies to any and all types of data keeping including the soft copy and the hard copy. Personal data here refers to any type of information related to the employee, and not limited to the confidential or private information. There is a set of 8 principles that are designed to protect any person from misusing data which are:
- Data must be processed fairly and lawfully.
- Personal data can be obtained only for specific and lawful purposes and not processed in any incompatible manner.
- The data must be adequate, relevant, and not excessive.
- The data must be accurate and, when necessary, kept up to date.
- Data should not be kept more than necessary.
- Data shall be protected in accordance with the rights of data subjects.
- Data must be protected by appropriate security measures.
- Personal data must not be transferred to countries that do not provide an adequate level of data protection.
- Freedom of Information Act: This act covers obtaining any information from a public sector or organizations holding the data on behalf of the private sector, this act came to play in 2005 but it doesn’t provide any additional rights to employees or others to access employee records.
- Human Rights Act: This act discusses the rights to respecting the privacy of individuals, in particular under article 8 of the act: “Everyone has the right to respect for his private and family life, his home and his correspondence.”