What has HR got to do with information and data management?

HR as a function handles some of the most sensitive data in any organisation. HR has a lot of rich, accurate and reliable data which can provide insights into what people actually need and want from their organisations. These insights can be used to understand how people are feeling, predict when people might leave, attract the right talent, promote the right people, motivate people and to determine the training and development needs. 

HR data can be used to improve business decisions, make employees happier, and optimise processes, it adds value to the company.

Data management is an effective combination of people, policies, processes and practices employed to protect data throughout its lifecycle. HR Consultants must ensure that they understand their obligations under the General Data Protection Regulation (GDPR) to protect personal data they may be entrusted with in the course of providing their services to their clients. The HRi Information and Data Management Standard requires our members to “take the necessary steps to  ensure that information and data entrusted to them and their practices are protected at all times”. The benefits to you, your business and your clients include compliance with policy and regulation, ethical, increased trust and confidence in your ability to protect data and reliability. 

Following good IT Cyber Security practices does not need to be tasking. Security should be incorporated into business as usual (BAU) activities and must certainly be considered as part of the strategic decision making process. 

Protecting your business data assets and that of your clients will ensure that the data does not fall into the wrong hands, that it is only assessed by authorised people and is readily available in an accurate format to those who need access to that information, to help them do their jobs and to run their businesses effectively. 

• Use strong passwords on all your devices. Avoid using the same password for several devices, websites and services. Use password managers from reputable vendors to help keep track of your passwords. Two factor authentication must be used wherever possible as an additional layer of security. 
• Secure your internet connection by using firewalls on your devices and your WiFi router. Always update your devices with the latest software, firmware and operating system updates and/or patches when they become available in order to keep your devices and your network secure. You will also need to ensure that the device and the software on it is set up properly and securely. 
• Having a good Backup Management Plan in place ensures that in the event of hardware failure, ransomware or malware attacks, you will be able to recover and restore your data, thus minimising the impact on your business. 
• In addition to the recommended practices above, cyber insurance is a must for all organisations. Protecting your business by having the right insurance policies in place will give you the assurance that if you are a victim to cybercrime, you can recover with the help and support of your insurer. 

Good housekeeping is an essential tool to information and data management. Only keep data when it is necessary to do so. Get into the habit of cleaning up data you no longer have a legitimate reason for holding onto or do not have consent to hold or process. Ensure that your clients are aware of your data retention policy and that there is a clear understanding in your contractual arrangements with regards to data protection. 

HRi run regular Data Manager and Security Webinars so keep an eye on our events page for details of the next one

Author: Mary Asante, Director, HRi