IN THIS ELECTRONIC AGE of .com everything, there has been much written about privacy of customer information. Whether it’s the wireless transmission of financial information when paying a tab in a restaurant, making purchases at a cash register of a clothing store, or the shopping online, the potential for breach of security and data loss is phenomenally high.
We’ve all read newspaper accounts of recycled, but unscrubbed hard drives making their way from third-party providers of banks to the marketplace loaded with customer data, and stories of computer hacking of high-profile companies who store financial data for online customers, but I have heard few complaints about privacy in the workplace.
Employee Information Is Always at Risk
During my tenure as an independent technical writer where I worked for companies on a project basis, I witnessed some of the most brutal exposure of employees’ personal information. In one instance, while working in the payroll department on the verge of snapped apart and outsourced, a lack of security allowed for the potential loss of personal information of a high-level executive who, if I recall correctly, was the President of the Canadian operation.
To explain: It was the role of a small team of technical writers to gather information about the company’s payroll processes, which were varied and complex, and document them for the new payroll staff, which included garnishment for non-payment of child support. The tech writing crew worked on-site two or three days a week, and out of their home offices the other days. Driving the 100+ kilometres was too costly for the third-party/outsource firm, so that meant that paperwork travelled with us, along with our laptops containing payroll information. While I cannot speak for the other two contractors, but I know that when the contract was complete, I shredded all paperwork and deleted electronic files, but the risk of data loss was present during the entire length of the contract.
Back in the day, we had to photocopy documents, sometimes waiting in line to do so
These days, personal information is shockingly easy to expose and share. Back in the day—around the time thermal paper fax machines were making appearances in offices, for those keeping score—we had to walk to a photocopier that was located in a public area (which was usually manned by an accounting clerk making several copies of dozens of invoices, blotters, and expense reports), and you had to stand and wait your turn. If you were attempting to copy something personal, like, perhaps an updated resume, you would scurry back to your desk to wait it out. The payroll and human resources folks had their own copiers, in secure locations, restricted to few, to keep employee information from prying eyes.
Now, the ability to emailing confidential documents and insider information is much easier when you can simply attach it from the comfort of your cubicle. The Send button is a mouse-click away. And with the convenience, we have become careless.
Even carefully guarded information is accessible
Recently, an office manager bragged that she has access to more personal information that someone at the highest level of our company. Okay, she might require this access to fulfill the duties of her job, but she is not an employee. A third party, a company who services our company employs her. It made me uncomfortable. HR folks have always been privy to details, but now bits and pieces of your personal data are shared around the world, and apparently at home, in your office.
It makes me wonder if individuals are as protective of personal, employee information as they used to be. We treat information more freely even in our private lives, as was the case when a school guidance counsellor told me that he has access to my high school records, as well as my son’s records. Something told me he may have already peeked.
Are employees too careless with information because it’s easily accessed?
Over the years, I have been privy to shareholders’ accounts, mutual funds, bank accounts, investment records. I have come across all of this information in my daily work and I know disclosure could cost me my job. When I overhead a colleague mention the name of a prominent Canadian whose name and amount appeared on a credit report she was working with, I wondered if we are too quick to divulged private information because it’s readily available.
If we, as customers , demand security of our data in this age of electronic data processing—online banking, online shopping, where websites use mother’s maiden name, once reserved for credit card and personal banking security, as authentication for password resets—we are too naïve for our own protection. If we believe that any of our personal information is safe, no matter how well guarded, we are too easily fooled.
If employee information is not safe in the hands of the employer, how can we believe that customer information will be?
Cutting my teeth in mutual fund administration in the 1980s made be hyper-aware of the need for client confidentiality, but by the time I switched careers and starting working for a software developer in the mid-90s, privacy practices had already loosened. The developers consistently used client data from a production environment to test the validity of reports, and other client-specific programming. At the time, I remember thinking that the financial holdings of our client’s clients I should not be available by anyone walking by the office printer, but I don’t recall anyone vocalizing concern about it.
Fast-forward to 2010 to a retail pharmaceutical company where I required real-life data to create a training scenario. In skips a trainer with a report she printed while visiting a store near her home. Rows upon rows of patient names, doctor names, and prescribed medication stared back at me. When I saw the drug Viagra listed, I realized that not only was I privy to this information, but so was anyone in the office who looked at this report as was the trainer who lived in the same community as the patients listed.
In none of these situations had a company I worked for—as a contractor, temporary employee, or permanent staff member—ever been presented with a policy regarding this sharing of client and employee information other than a blanket statement.
My personal information must be on hundreds of retail store databases, several financial firms, not to mentioned dozens of websites. How often had my personal information found its way onto a printed report when testing the company’s software? I wonder.