Data protection regulators will increase focus on HR systems

Protecting the confidentiality of personal data and employee records will become a major challenge for enterprises and IT suppliers.

Richard Mutter, group head of HR technology at HSBC, told the HR Tech Europe conference in Amsterdam that it was inevitable that regulators would take a tougher line on data protection in the future.

"We will look back and say, 'I can't believe that regulations were not stricter, and that employees did not take a tougher line'," he said.

Mutter urged IT suppliers to be proactive in developing technologies that will help businesses keep their data confidential.

It was no longer acceptable for cloud software suppliers to be surprised that European companies had data protection issues with storing data in the US, he said.

The security techniques used in retail to protect credit card data, for example, could be adapted to protect employee data, Mutter suggested.

"These days it would be inconceivable when you get a credit card slip for it to show all the digits on your credit card. But when we deal with employee records, why don't we mask the data so workers in a call centre only see the data they need to see?" he said.

Businesses also need tools that will help them scramble personal data, while retaining its internal integrity, so data can be used to test applications under development without risk of disclosure.

This is a complex and time-consuming job, but businesses do not get much support from their IT suppliers, said Mutter.

A major concern is that the current generation of HR systems does not support the different regulatory requirements that different countries impose to protect data.

"All over the world there are different rules on how long to keep employee data. In Hong Kong, for example, you have to delete the data from ex-employees after seven years. That is a very complex problem if your software does not support that," he said.

Multinationals would like to see IT suppliers offering technology that was certified compatible with the regulations of each country, said Mutter.

"I would like to see the vendors adapt their technology, not because we ask them to, but because they know that a regulation is changing, and they are already prepared for it," he said.

But he urged businesses not to react in a knee-jerk way by ruling out handing their employee data to a third party.

"I hear a lot of people who worry about the cloud model. They say, 'How can we be sure a software-as-a-service vendor will look after our data properly?'" he said.

"But it's a case of let he who is without sin cast the first stone. Do we really think we look after employee data that well ourselves? I am not so sure."

HR systems will increasingly be designed with built-in capabilities to protect confidential data, said Mutter.

"There will be a situation in future where HR systems have no download capability and employees will not be able to print data," he said.

"I imagine there will be call centres where employees will be frisked for paper. I expect we will move to paperless systems because paper is an employee breach waiting to happen."
