I haven’t written about data privacy in a while but I could not help it. The “little” issue in the UK in the last couple of days has brought the topic back up. The UK Taxman has “misplaced” 2 CDs full of personal and banking details of about 25 million people. To make matters worse the data includes almost every child in the country.
Names, addresses, dates of birth, employment and bank details all went missing when two CDs containing the information were mislaid.
Alistair Darling told the House of Commons that the discs containing the highly sensitive information failed to arrive after they were sent in the ordinary internal mail between government departments.
But what there is more!
The Chancellor admitted that HMRC had made the same mistake on several occasions in the past six months.
Given most HR/Payroll systems have the same sort of data, it might be a good time to check a few things.
- Who stores the backup tapes
- Are the contents of the backup tapes encrypted
- How are the backup tapes transported between your site and where they are stored
- How secure is storage at both of these locations
- Who in the IT department has access to the HR/Payroll system and do they really need to
Last thing you want is for all of your employee data to fall into the wrong hands.