HR, Big Data and avoiding security pitfalls
Port of Spain, Trinidad, December 19, 2017
“It’s not the amount of data that’s important. It’s what organizations do with the data that matters. Big data is becoming very valuable to human resources (HR) practitioners because they can know radically more about their businesses and directly translate that knowledge into improved decision making and performance,” said Rakesh Goswami, TSTT’s Executive Vice President, Strategic Alliance, Enterprise and Tobago Operations. Goswami also noted that these benefits, such as better HR strategy planning and improved HR administration and employee services, also come with responsibilities. Goswami was speaking at the 2017 Commonwealth Telecommunications Organisation’s (CTO’s) Human Resources and ICT Forum in a session that explored the use of best-practices to address the security challenges arising from the use of big data by HR practitioners.
Erasmo A. Mbilinyi, Manager Human Resources and Administration, Tanzania Communications Regulatory Authority (TCRA) explained that data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites, as well as to protect data from corruption. Mbilinyi noted the importance of having a strong security system in place because security breaches can have devastating consequences due to the large number of persons who may be potentially affected. He advised that keeping only relevant data reduces cost and the data should be valuable for analytic, marketing and relationship purposes. Organizations also need to ensure that their risk-reward ratio is balanced toward reward and the data is being used in a way that brings real benefits to the organizations.
Roger Richards, TSTT’s Chief Technology and Information Officer shared a five-step data protection model that can be used to implement a best-practice security system. The 1st step is to identify the data to be protected, why and any regulatory requirements that need to be considered; the 2nd step entails the documentation of data protection processes which are policy backed and systems enforced to ensure conformity by all employees across the organization; People are often the weakest link in a security system, so the 3rd step requires employees to be assessed and verified to be trustworthy. External checkers should also be used to ensure the documented processes are being followed and there are no security breaches; the 4th step recommends the use of strong encryption technology, as well as key partners who fully understand the regulations that affect the business and who have an invested interest in the success of the security system; and lastly the data protection system should be proactive, tailored and constantly evolving to stay current. Richards also noted that it’s good practice to have unscheduled security audits.
Letsatsi Joseph Mofokeng, Skills Development Facilitator at Telkom South Africa noted that just because data is accessible, this does not make its use ethical and organizations must balance the use of data with honouring their commitment to protecting the privacy of their stakeholders.