Employee Offshoring: An Introduction to Data Privacy and Compliance for HR and IT

Check out all the Smart Security Summit on-demand sessions here.

The issue of data privacy has become a priority as the volume of data breaches grows, along with the implications for organizations and HR departments. After all, tens of billions of personal records have been exposed in recent years.

Each breach prompts regulators to add similar safeguards to the European Union's General Data Privacy Regulation (GDPR), which became law in 2016. GDPR has already resulted in fines for nearly 1,000 organizations amounting to more than 1.25 billion euros. . Amazon Europe wins the top prize, with a huge levy of 0.75 billion euros.

Other leading companies have been hit with significant GDPR-related fines, including WhatsApp, Google, Target, Yahoo, Marriott, Equifax, and Facebook. The GDPR also allows individuals to seek damages in court from anyone who neglects their personal, health or other sensitive information.

Similar laws are in effect around the world, such as the New Zealand Privacy Act and the California Consumer Privacy Act (CCPA). Others are coming, such as India's personal data protection bill and perhaps a US data protection and privacy law.

On-Demand Smart Security Summit

Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.

"Beyond security and data protection standards, many government and industry regulations such as GDPR tie workforce data together," said James McQuivey, vice president and analyst principal at Forrester Research. "These complex regulations will increase, making it harder to determine what employee and workforce information you can collect and how you can use it."

With so many potential fallouts from privacy breaches, it's no wonder that HR departments are so much more important in businesses than they used to be. Employees receive regular training on information sharing, data privacy policies and security processes.

One of the biggest dangers with privacy and data breaches in HR involves offshoring employees. It may be too easy for someone leaving to walk away with a USB drive full of customer records or to retain access to certain systems, hoping to profit from them later.

A Beyond Identity study found that 83% of former employees could still access certain corporate accounts. Unless HR is very deep into the offshoring process, people can find ways to access certain systems. Another finding is that half of companies don't use automated processes to change user passwords when someone leaves, and only a third delete user accounts as part of the relocation process. Therefore, it should come as no surprise that 25% of employees admit to taking customer information from a former employer. This ranges from customer contact and financial information to comprehensive CRM databases.

"Employers should implement security measures when offshoring, such as disabling access to email, removing all rights, disabling access to all applications, and asking employees to confirm that they have returned all personal company data and have retained no company data,” said Uzy Hadad, Ph.D., founder and CEO of Privya , an artificial intelligence (AI)-based data protection and compliance provider.

In addition to disabling user accounts, organizations should follow...