Data protection: Five tips on safeguarding data at the workplace

As most of the data breaches are done by staff members, there is need to put in place measures to reduce the risk of organisational data breaches as a result of staff negligence.


There is a lot of data that is exchanged in the workplace between the employer and the employee. The employer handles a lot of personal data for staff members, and this includes names, personal identification, tax registration number, NHIF and NSSF details. At times, staff give third party data like the names and contacts of next of kin for purposes of medical cover and other benefits like pension.

Employers also collect a lot of staff data, like photographs taken during team events. The staff, on the other hand, are privy to a lot of organisational data. This may include client contacts and lists, financial records, operational data, strategy and a lot of other data that belongs to both the organisation and third parties.

The new data protection law requires that both employers and staff comply with the legal provisions when handling data that belongs to each other. There has been a lot of litigation on data privacy breaches in the workplace, both from the perspective of staff and from that of employers. Data privacy is an emerging risk that organisations now find themselves exposed to.

Most of the data privacy breaches that happen in organisations are done by staff members. Here are five tips on how data privacy can be enhanced and managed in organisations.

1. Get compliant

The first thing an organisation can do to minimise data breach risk is to get certification from the regulator. Before an organisation can be issued with a certificate of compliance, it ought to put in place several measures to enhance data privacy. With the help of a lawyer, an organisation can put in place risk-reducing measures.

2. Audit of the current practices

A lawyer will assist your organisation to perform an audit of your current practices. He or she will begin by documenting the current human resource (HR) practices and procedures. Then he or she will document how your HR department onboards new staff and how they handle the staff data. They will also document how your staff handle organisational data.

3. Identification of risk

Your lawyer should then help you to identify the risk areas by undertaking a compliance analysis of your existing data practices against the requirements in the law. Your lawyer will help you flag the areas of non-compliance.

4. Risk mitigation

Your lawyer will then make recommendations which will help your organisation become data compliant. These recommendations may be made in line with the provisions in the data protection laws, or in line with international best practices.

5. Implement recommendations

Your lawyer will then guide you on how to implement the recommendations to help your organisation manage staff data better.

As most of the data breaches are done by staff members, there is need to put in place measures to reduce the risk of organisational data breaches as a result of staff negligence. The first is to train your staff members on how to handle business data in a manner that enhances data privacy. The training may include technical, operational and legal aspects.

The employment contract should include data privacy as a mandatory condition. Wilful or negligent data breach ought to be a disciplinary item. Repercussions for staff data breach include termination.

In the event that the data breach is so serious as to expose a business to a lawsuit, then the culpable staff ought to be personally liable for such loss. A well-drafted indemnity clause shall protect the business.

Ms Mputhia is founder of C Mputhia Advocates
