The TRUST Model: Delivering on the Promise of Employee Data Privacy
Delivering on the promise of data-driven security for employees requires the TRUST model of communication: trust, regulation, usage, security and technology.
For employers, the evolving privacy regulation landscape — from the EU's GDPR to Brazil's LGPD to state-based initiatives in the U.S. — speaks to the need for privacy best practices that go beyond Data Privacy Day to provide consistent protection for employee personal data.
Cécile Georges, Global Chief Privacy Officer for ADP, believes businesses must demonstrate a C-suite commitment to privacy.
Communication is the foundation of a trust-based organizational initiative. While employee expectations and organizational obligations vary across industries and market verticals, developing the differentiator of TRUST requires these five key characteristics:
The TRUST Model
Transparency
"While employers are obligated to process the payroll of their employees and access the data that are necessary to achieve such a purpose, privacy laws are requiring companies to be transparent with their employees," says Georges. Here's why: Although the privacy notices mandated by the General Data Protection Regulation (GDPR) are now becoming part of the conversation in the U.S., there are still situations where the question around data ownership is not fully settled. In everyday communication, however, compliance with the letter of the law doesn't translate well if questions about HR collecting financial and personal data are met with silence. Transparency forms the first pillar of data-driven trust. By being upfront about what data is being collected, why it's being collected, and for how long it will be retained, businesses are expected to meet the requirements of most privacy laws and regulations across the globe in terms of transparency.
Regulation
Regulatory adherence is critical to success in leveraging employee data to develop business insights and strategies. It also represents part of the conversation between HR teams and employees — if enterprises fail to observe regulatory expectations in favor of speed or simplicity, employees may be left wondering what other obligations their employers are willing to ignore. In an increasingly aggressive talent marketplace, trust stands as a key determinant of employee loyalty, advocacy and commitment. It's in the best interests of employers to ensure their regulatory compliance policies are always up to date.
For example, under the California Consumer Privacy Act (CCPA), employers must now provide privacy notices to employees that specify what personal information will be collected and for what purposes it will be used, notes Forbes. And by Jan. 1, 2021, if data related to employees are no longer exempted from the full scope of the CCPA, employers will need practices in place that allow staff to opt out of the disclosure or sale of their personal information to third parties.
On a global scale, businesses must be prepared to comply with one-month GDPR access request timelines and, under Brazil's new LGPD, ensure that there's a legal basis for any data "processed on or related to individuals in Brazil, regardless of where the data processor is located," reports Digital Guardian.
The ideal partnership delivers comprehensive security by-design, which in turn supports employee confidence.
Usage
Developing trust in the organization means clearly communicating to employees how their personal data will be used (such as better workforce planning and scheduling, reduced timelines between benefit requests and approvals, etc.) while also detailing the measures in place to protect it.
Security
Encouraging employee trust means ensuring data security. While events like Data Privacy Day can help raise awareness around data security needs and provide resources that enhance overall protection, creating a trust-based culture requires security solutions that leverage best practices such as privacy by design, comprehensive retention and destruction of information policies. It also means ensuring compliance-based data collection that accounts for current legislation and helps to future-proof organizations against evolving regulatory changes.
For many organizations, the path to better security and enhanced employee trust starts with service providers — HR management partners with the expertise and infrastructure necessary to secure data at scale and bolster staff confidence. Selecting the right providers by asking questions about their technology stack, market expertise and their adherence to fundamental data privacy principles is key. The ideal partnership delivers comprehensive security by-design, which in turn supports employee confidence.
Technology
The final pillar of communicative trust in the data-driven workplace is technology. "The right technology enables you to act more quickly and derive more insight from your collected HR data," Georges says. This means finding solutions that "deliver service and drive returns via benchmarking and analytics to offer value both at the company and employee levels while complying with privacy requirements."
By comparing and contrasting aggregated and anonymized data, technology can help define existing corporate shortfalls and identify key trends to improve employee satisfaction and drive engagement. For this, infrastructure and intent matter. Organizations need in-house or outsourced technology solutions with clearly-defined benefits that can be easily articulated to staff.
Protecting employee information at scale means moving beyond the one-off benefit of Data Protection Day and differentiating your business with the TRUST model of employee-driven communication: transparency, regulation, usage, security and technology.
Visit the ADP data security page for security updates and best practice resources.
Related article