United States 
Canada (EN) 
México 
France 
Deutschland 
United Kingdom 
Quick Hits
- HR is the critical link between safeguarding a company’s reputation and championing employees’ data privacy rights.
- Codes of ethics adopted by HR organizations in the United States, Canada, and the United Kingdom provide meaningful guidelines for HR professionals when responding to incidents involving breaches of employees’ personal data.
- Key concepts include professional responsibility, continued pursuit of personal development, ethical leadership/civic virtue, being an HR person of strong character by treating all employees equally, building trustworthiness, and considering the best interests of employees.
HR professionals’ roles usually require engaging with employees’ sensitive personal information. As a result, an HR professional may want to consider the most ethical approach to providing access to this information. Organizations in the United States, Canada, and the United Kingdom that represent HR professionals have developed codes of ethics that can provide meaningful guidelines for interacting with this data, including the Society for Human Resource Management (SHRM), and the HR Certification Institute (HRCI) in the United States; the Human Resources Professionals Association (HRPA) in Canada, and the Chartered Institute of Personnel and Development (CIPD) in the UK. There are some commonalities among these guidelines that can provide a helpful guide for an HR professional trying to ethically navigate a breach of confidentiality.
1. Personal Responsibility
HR professionals can bring value to the organization they serve, by accepting the responsibility for their individual decisions. At all times, HR professionals may want to act as advocates for other HR professionals.
HR’s role is twofold here. First, to add value, an HR professional may want to proactively implement measures that protect employee data and ensure compliance with solid policies that reflect dedicated data privacy laws and regulations. Proactive implementation can ensure the ongoing trust of stakeholders and build a positive reputation as a credible partner in securing data.
Second, HR can be instrumental in advocating for a strong privacy-aware culture by ensuring not just that employees dealing with personally identifiable information (PII) are well trained; but by also ensuring that the underlying policies are practical for application in their specific business environment. For example, something as simple as a policy that states, “Call your IT in the event of a data breach,” might be extremely difficult on a manufacturing floor where employee phone usage is banned. HR professionals’ knowledge of the spiderweb of policies allows them to be good advocates for the value HR can provide by demonstrating and assisting their organizations through policy amendments and implementation.
2. Personal Professional Development
HR professionals may want to continuously strive to meet and promote the highest standards of competence through a commitment to strengthening their individual development of skills, knowledge, and experience—not only for the HR department, but also for the organization’s workforce. HR can set a standard of excellence by prioritizing regular training for employees on developing data privacy requirements and ensuring that these trainings are crafted at a level that all find approachable and practicable.
Also, HR professionals may want to strengthen their own skills by engaging with trainings, readings, and development courses that cover the basics of cybersecurity compliance when handling employee data.
3. Ethical Leadership
HR professionals support their organization’s current and future needs by personally maintaining the highest standards of ethical conduct.
Modeling safe, consistent, and aware data privacy practices is immeasurably valuable, and HR professionals may want to consider ways in which they can be trustworthy examples of good stewardship of employee’s personal data. In almost 88 percent of breaches, according to academic research, the issue was human error. While it may seem tedious to consistently place policies and other sensitive data into the correct and fire-walled document management system, this is an easy way an HR professional may consider actively contributing and modeling strong ethical leadership. By being careful with data, regardless of sensitivity, HR professionals can ensure that they and those who learn from them, are doing what needs to be done to protect the entire cyber ecosystem.
4. Equality
HR professionals support their organizations by promoting and fostering fairness for all employees.
Data breaches tend to happen due to unintentional human errors. Unfortunately, the consequences may fall heavily on the employee who made the mistake. HR has a vital role to play here. By understanding that these breaches are often simple mistakes, HR can advocate for fair and consistent application of policies, regardless of the employee’s position. This means ensuring that discipline and data privacy measures are handled fairly across the board.
HR can also promote a culture of understanding. Everyone makes mistakes, and no one should be expected to be perfect all the time. HR may consider reminding decision-makers to treat employees with empathy and compassion, especially during these kinds of stressful situations. This approach fosters transparency and trust, ensuring that all employees understand the expectations of them and feel supported even when errors occur.
5. Trustworthiness
HR professionals can foster high levels of trust by protecting the interests of many parts of their organizations through avoiding activities or actions that create actual, apparent, or potential conflicts of interest.
HR plays a crucial role in protecting employee data and building trust. By ensuring data security at every step, HR professionals may find that this helps prevent stigma and allegations of impropriety against themselves. Core HR practices—investigating complaints, providing training, and maintaining confidentiality—naturally align with fostering a culture of trust around data. An HR professional may want to consider including transparent communication about data policies and ensuring accountability when mistakes happen, as additional practical steps to building trust among stakeholders.
6. Best Interests of Others
HR professionals are tasked with considering and protecting the rights of individual employees, especially in the acquisition and dissemination of information. A great HR professional may demonstrate a commitment to the parties whose interests they serve by accepting responsibility to act on behalf and for the benefit of those they serve.
Collaborating with data privacy professionals is crucial for HR to champion employees’ rights while supporting the company’s strategic objectives. Knowledgeable HR professionals are best equipped to advocate for employees’ data privacy. HR professionals may consider these rights in discussions about policy changes, disciplinary actions, and company communications. By ensuring the entire team understands these rights, HR may have an opportunity to establish clear reporting mechanisms, maintain accurate records of system access, and ensure that access is granted only on a need-to-know basis. HR professionals presented with these opportunities may want to consider what is really in employees’ best interests to ethically assist decision-makers that are navigating through a breach of confidentiality.
Ogletree Deakins’ Cybersecurity and Privacy Practice Group will continue to monitor developments and will publish updates on the Cybersecurity and Privacy blog as additional information becomes available.
Follow and Subscribe
