It’s every tech company’s worst nightmare: a data breach that then becomes a PR disaster. With so much private information gathered in HR and benefits technology, it can be way more than a nightmare for HR professionals. Facebook’s recent data drama was essentially caused by a user error – which should be a wake-up call for HR professionals, as most data breaches result from employee blunders. Let’s take a closer look at the recent news about the 50 million users’ data Facebook let fly out the window.
The conflict – where it all began
It’s 2007 and Mark Zuckerberg announces that Facebook is going to open its data doors to third-party applications, letting them build their programs on top of the Facebook social platform. For example, think of all the applications that allow you to “Log in With Facebook” – which means that particular application is using your Facebook profile and all the data that comes with it. Here comes a Disney analogy: Think about the end of Aladdin when Jafar gets really excited about becoming an all-powerful genie, but then slowly realizes that with that power comes enslavement to the lamp.
The obstacle – the little quiz that started it all
Back to Facebook: everything was going swimmingly in this data tradeoff between third-party applications and Facebook. Facebook got more access to users’ online lives and outside app developers got access to that sweet, sweet data. Over the weekend it became clear how this process can be used to mine private data on a major scale. Long story short, a professor at the University of Cambridge developed a quiz called “thisisyourdigitallife” which collected the data of 270,000 people who installed it, along with all the data about their Facebook friends, totaling 50 million people. He then gave all this data to another company, Cambridge Analytica, which is technically a violation of Facebook’s rules.
The resolution – what you should do
Major data breaches have already hit close to home; in 2017 Anthem reported a data breach involving almost 20,000 members. Do you want to see your company’s name as the next newspaper headline? Despite the fact that HR professionals may not be versed in IT-speak and technology breach best practices, they have to be “woke” on how to keep employee records safe. So, what should you do?
- Make sure you are doing your due diligence in selecting an HR tech partner that can provide you with proper controls, monitoring, and auditing systems to ensure safety across the board. Be sure to include these questions in your RFP.
- If you are currently on a cloud-based system, be sure the benefits process ensures safety by performing annual background checks, annual HIPAA and PHI data training, internal audits, and risk management training.
Your benefits technology needs to have the necessary checks and balances to ensure that your employee data is protected. For example, at Businessolver we have processes that ensure data security and safety, including SSAE 16 audits, internal controls, IT risk assessments, and annual third-party financial audits. Plus, we have white-hat hackers (the good guys) on staff who ensure our system is safe and sound.
The first step to safety is understanding how and where the issues can arise. Take the Facebook story as a cautionary tale with clues as to how you could be at risk. If you need more information on how to keep your employees’ data safe, take a look at our data safety e-book below.