District attorney Anne Weying leaves classified documents describing dubious experiments at a bio-engineering corporation open on her laptop at home. Her fiancé, journalist Eddie Brock, reads the documents and leaks them in a live televised report, resulting in Weying losing her job. What more could HR have done to stop this sensitive information falling into the wrong hands?
With remote working already commonplace thanks to the Covid-19 pandemic, and likely to remain widespread post lockdown, there is always a risk of unauthorised individuals inadvertently or deliberately accessing confidential information, says Shakil Butt, founder of HR Hero for Hire. So HR must do more, he says: “The people profession has a critical role to play – just having data protection policies in place to safeguard company information is not enough.”
HR should make sure employees’ responsibilities to keep information secure are clear, especially those working remotely, says Butt: “Individuals should make sure that when they’re not using their devices – including smartphones – they lock their screens manually, but also set them up to lock automatically after a period of inactivity so that there is a ‘safety net’ in place.”
Where a data breach does occur, HR’s initial reaction should not necessarily be dismissal of the employee: “There may be organisational failings or mitigation but, in every instance, there will always be learnings.” Ultimately, Butt adds, HR needs to act swiftly by carrying out a fair investigation and introducing changes to prevent the situation happening again.