What are your obligations to protect employee data?
Data protection is crucial to any business, and the construction industry is no exception. Unfortunately, while employers are typically well-versed in their obligations to employee health and safety, many are unaware of their obligations to protect employees’ data. As a result, employee data breaches cause distress and financial loss for employees and significant costs to the employer in legal liabilities. Robust data protection policies and procedures are therefore essential to protect all parties.
One of the most significant risks associated with protecting employees’ data is cyber security threats. Cybercriminals can target employers to steal employee data. They will exploit this information for personal gain by impersonating the employee, gaining access to their bank accounts, or selling the data to someone who will.
In Australia, employers must comply with the Privacy Act 1988 and Fair Work Act 2009, which set out specific requirements for handling personal information. The recent spate of cyber-attacks and data breaches has the federal government focused on a review of privacy laws.
The primary emphasis of this reform is expected to be on consumer personal data rights. However, it’s also anticipated that there will be a significant shift in how employers can collect, use, and disclose employee information. In addition, a recent Forbes article estimates that 43% of all cyber-attacks are aimed at small to medium businesses and that cybercriminals see these businesses as easy targets because of their lack of security expertise.
Establishing strict data protection policies and procedures is the first step in protecting employees' data. You can start by implementing secure storage and transmission methods, firewalls, and antivirus software.
Training employees on data protection is critical. Regular training sessions on malicious email identification and proper handling of sensitive data are essential to creating a data protection culture.
Limiting data collection from employees is also essential in protecting their privacy. Only relevant, necessary and reasonable information should be collected and stored. Additionally, employers must destroy or de-identify personal data collected on unsuccessful job applicants.
Another risk associated with protecting employees' data is unauthorised access. Data access should be limited to those with a legitimate reason to access the information. Access controls should include strong passwords, multi-factor authentication, permission-based access and dedicated locked areas for any physical records.
Regular evaluation of third-party access, such as payroll contractors and financial advisors, is another vital task. Employers must understand who can access their data, whether jobs are being outsourced to others, where geographically those jobs are carried out, and whether secure individual login credentials are utilised.
In conclusion, today's businesses of all sizes are vulnerable to cyberattacks and data breaches. Therefore, employers must proactively safeguard their employees' personal information. Neglecting to do so may result in severe financial loss, regulatory penalties, reputation damage, and legal liabilities. By prioritising employee data protection, employers can safeguard their employees' personal information and protect their legal standing.