How HR can help prevent data breaches

HR can play a key role in preventing disgruntled employees stealing company information, one lawyer tells HC

How HR can help prevent data breaches

In order to combat the threat of employees stealing information, HR really needs to work closely with their IT teams, says Lynne Lewis, partner, intellectual property at law firm Minter Ellison.
 
In particular, it’s important to ensure that there are comprehensive systems in place so that employees doing the wrong thing can be tracked, Lewis told HC.
 
Employers have the option of accessing technology which allows them to see if an employee has been downloading onto USB keys. Moreover, they can see if staff have been taking their computer home, hooking it up to devices and downloading from it or printing from it.
 
However, Lewis has come across organisations, quite often large ones, that don’t have sound IT systems in place.
 
For example, there may not be any logs kept of USB keys that are plugged in and out of workplace computers.
 
“If I’m running a case, I want to be able to show that the night before someone actually departed or the night before they hand in their resignation that a USB key was inserted into their work computer and that XYZ was copied over onto that,” Lewis said.
 
“HR must work with the IT teams to get good tracking and lockdown technology in place ahead of time.”
 
HR teams also need exceptional internal communication in place whenever an employee resigns, added Lewis.
 
“I’ve seen many circumstances where the information doesn’t necessarily get told to the correct people who might notice that something unusual is happening with people’s access to premises or documents during that period of time,” said Lewis.
 
“Had they known that person had resigned then they might have actually spoken up about seeing some strange things happening.”
 
It’s also important to be careful with document destruction policies because sometimes important information can be lost, said Lewis.
 
She cited one of her clients who introduced a 30-day policy whereby everything disappears after 30 days. “That can be really hard to recover,” she said.
 
“But they can put in place an exemption to that if they’ve got a basis for it in their system.” 
 
 

 

Recent articles & video

'Claustrophobic' employee files appeal against face mask policy

Employers call for consensus over 'soaring' energy prices

Victoria allocates $300 million more to workers compensation scheme

How to develop executive presence in your leadership team

Most Read Articles

CEO gets five-figure fine over workplace safety failure

Australian Business reacts to Labour win

'Complex' sexual harassment rules confuse employers – lead to hefty damages