Policing the workplace used to mean reminding employees about personal phone calls and making sure that paper clips did not disappear. But with the computer revolution at work that began in the 1990s, checking on employee behavior at work became considerably more technical. The threats to data security, not to mention other threats for potential lawsuits (e.g., sexual harassment), are now more complex as well. New federal laws pertaining to financial and medical records have put increased pressure on companies to protect their data. But auditing user privacy cannot be done without input and buy-in from HR, notes a senior consultant with an IT security firm in Massachusetts. Whether the concern is in appropriate Internet usage or transferring files outside the company, HR may be the first to learn of a problem. Although the possibility of outside attacks on the computer network is a real problem, the threat of internal security breaches is even greater. The growing insider problem and the sheer volume of electronic messages coming into and out of a company (a large company easily processes one million e-mails per day) present HR with a challenge on data security policy development, implementation, and enforcement. HR may be asked to “identify personnel at risk” who might require more stringent watching, such as people who are sending out résumés. In many cases, people leaving organizations take advantage of the opportunity to take intellectual property with them. Security software identifying employee behaviors will always require HR involvement. Policy violations, banned sites, and stealing identity data are examples. Companies look very bad when sensitive customer or employee data are stolen or leaked to the public. Employees can easily resent the security measures and see the security as “Big Brother” watching. However, the growth of identity theft and spyware means that more employees have been personally affected by data security and are more likely to recognize the need for their employers’ data security efforts. At Spherion, HR publishes a “computer and telecom resources policy” that specifies appropriate usage and a code of conduct. Employees must read and sign the policy. The company also has an IT Risk Team with members from HR, accounting, internal auditing, and other departments. There are, of course, attempts at a purely technical solution to the problem. But it is clear that HR must have a role in balancing employee privacy with company risk management. A simple act, such as a bank’s loan officer burning credit information to a CD and selling the data to another bank, can undo all the technical protections. The human side—developing a policy, communicating it, helping people understand why it is needed, and applying it fairly—is the big piece for HR. What elements should a data security policy for a bank include?

Understanding Business
12th Edition
ISBN:9781259929434
Author:William Nickels
Publisher:William Nickels
Chapter1: Taking Risks And Making Profits Within The Dynamic Business Environment
Section: Chapter Questions
Problem 1CE
icon
Related questions
Question

Policing the workplace used to mean reminding employees about personal phone calls and making sure that paper clips did not disappear. But with the computer revolution at work that began in the 1990s, checking on employee behavior at work became considerably more technical. The threats to data security, not to mention other threats for potential lawsuits (e.g., sexual harassment), are now more complex as well. New federal laws pertaining to financial and medical records have put increased pressure on companies to protect their data. But auditing user privacy cannot be done without input and buy-in from HR, notes a senior consultant with an IT security firm in Massachusetts.

Whether the concern is in appropriate Internet usage or transferring files outside the company, HR may be the first to learn of a problem. Although the possibility of outside attacks on the computer network is a real problem, the threat of internal security breaches is even greater. The growing insider problem and the sheer volume of electronic messages coming into and out of a company (a large company easily processes one million e-mails per day) present HR with a challenge on data security policy development, implementation, and enforcement.

HR may be asked to “identify personnel at risk” who might require more stringent watching, such as people who are sending out résumés. In many cases, people leaving organizations take advantage of the opportunity to take intellectual property with them. Security software identifying employee behaviors will always require HR involvement. Policy violations, banned sites, and stealing identity data are examples. Companies look very bad when sensitive customer or employee data are stolen or leaked to the public. Employees can easily resent the security measures and see the security as “Big Brother” watching. However, the growth of identity theft and spyware means that more employees have been personally affected by data security and are more likely to recognize the need for their employers’ data security efforts.

At Spherion, HR publishes a “computer and telecom resources policy” that specifies appropriate usage and a code of conduct. Employees must read and sign the policy. The company also has an IT Risk Team with members from HR, accounting, internal auditing, and other departments.

There are, of course, attempts at a purely technical solution to the problem. But it is clear that HR must have a role in balancing employee privacy with company risk management. A simple act, such as a bank’s loan officer burning credit information to a CD and selling the data to another bank, can undo all the technical protections. The human side—developing a policy, communicating it, helping people understand why it is needed, and applying it fairly—is the big piece for HR.



What elements should a data security policy for a bank include?

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 3 steps

Blurred answer
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Understanding Business
Understanding Business
Management
ISBN:
9781259929434
Author:
William Nickels
Publisher:
McGraw-Hill Education
Management (14th Edition)
Management (14th Edition)
Management
ISBN:
9780134527604
Author:
Stephen P. Robbins, Mary A. Coulter
Publisher:
PEARSON
Spreadsheet Modeling & Decision Analysis: A Pract…
Spreadsheet Modeling & Decision Analysis: A Pract…
Management
ISBN:
9781305947412
Author:
Cliff Ragsdale
Publisher:
Cengage Learning
Management Information Systems: Managing The Digi…
Management Information Systems: Managing The Digi…
Management
ISBN:
9780135191798
Author:
Kenneth C. Laudon, Jane P. Laudon
Publisher:
PEARSON
Business Essentials (12th Edition) (What's New in…
Business Essentials (12th Edition) (What's New in…
Management
ISBN:
9780134728391
Author:
Ronald J. Ebert, Ricky W. Griffin
Publisher:
PEARSON
Fundamentals of Management (10th Edition)
Fundamentals of Management (10th Edition)
Management
ISBN:
9780134237473
Author:
Stephen P. Robbins, Mary A. Coulter, David A. De Cenzo
Publisher:
PEARSON