Today's world is much less tidy: employee data may live on company IT or in a 'cloud' system - possibly based in another legal jurisdiction and probably managed by a third party; the nature of the data held may be very different, and the ways in which an employer can make use of it are far more complex.
Furthermore, the rapid uptake of social media for both personal and corporate ends has left ambiguity about the ownership of social media content and (in effect) contact lists, and therefore about social media rights and obligations of both employees and employers.
Failure to stay on top of this could expose companies to unacceptable risks: of litigation, of data protection issues and of regulatory fines, as well as reputational implications.
A recent survey on "Rethinking HR for a Changing World", conducted by KPMG with the Economist Intelligence Unit indicated that HR Executives rated "adopting new technologies" as one of the top areas of focus for HR. The HR technologies that were becoming more common were wide-ranging; but, unsurprisingly, the majority of the areas uncovered revolved around better use of cloud services, data and social media.
In fact, 69% of those surveyed highlighted web-based and mobile HR platforms as a key focus, closely followed by technology to capture performance reviews and other workplace reports (68%). Use of social network sites to recruit talent featured highly on the list (65%), in addition to using social media to reach alumni (54%).
Other technologies drawn out by the survey included workforce data analytics for business intelligence, rated as a focus area by 57% and delivering business applications via Software-as-a-Service and other cloud models, picked by 49% of those surveyed.
These evolving technologies can bring very significant benefits to the work environment, with today's employees expecting the same power and convenience in their work life that smart phones and apps have brought to their social life. However this more open and socially connected world brings risks that need to be understood and managed.
Given this context, there are a few key areas where HR leaders need to engage with the CIO, and potentially the General Counsel and CFO/Chief Risk Officer as they look to revise their systems, processes and policies to bring them into the big data era.
Employee data and data protection
As corporate IT systems evolve to the 'cloud' - i.e. to internet enabled systems - the security and physical location of employee data needs to be looked at differently. Some data may well be governed by local regulations that are inconsistent with the legal frameworks in the country where the data is hosted.
As with customer data, the vulnerability of employee data to malicious attacks and identity theft can have a far-reaching impact on corporate reputation, on revenues and the share price. More obliquely, it may provide the entry point for cyber attacks looking to engineer access to broader corporate systems and intellectual property.
The answer is not just an IT issue - IT controls will do little to protect employee or corporate data in the face of weak policies on passwords, or clear desks, or if physical security measures are not robust. Thought too needs to be given to what data requires which level of protection and/or specific management.
Employee use of social media
Just like their employees, more and more companies are making use of social media in their marketing. Furthermore, whilst customer contacts, professional networks and so on, cultivated on LinkedIn, Facebook, Twitter and beyond, are managed and maintained by the individual, they do expose businesses to risk. However, it is not at all certain who owns the social media profiles of employees.
It's safe to say that the issue of social media ownership is not as clear as employees may believe and this case suggests that, perhaps contrary to employee expectations, social media profiles cultivated during working hours belong to the employer, not the employee.
Recommendations for HR directors
HR directors who are not already thinking hard and in conversation with their colleagues in IT, the CFO's office, the legal department and risk management teams, really need to kick those conversations off. It will not take much to go wrong to put your company the wrong side of data regulation, the law, or even the vast array of (social) media.
HR policies need to evolve to cover these new 'big data' applications and corporate and personal use of social media. But one size will not fit all. For some, a shared moral compass may be more effective in driving effective policy than a long manual.
The HR director has a pivotal role and your colleagues will rely on your support: whether that is the IT team trying to control and limit security exposures, the marketing organisation trying to develop a corporate presence on social media or the legal and risk teams trying to ensure corporate compliance and manage risk. HR policies will set the boundaries and framework, define the values and deliver the training and compliance checks needed to ensure the business remains on track.
Steve O'Neill, CFO of EMEA Strategic Operations at EMC and David Eastwood, Partner, KPMG UK
