The right to privacy versus HR – On collision course

Is HR ready to keep watch and ensure that data pertaining to employees is kept safe, confidential and secure?


Scenario 1. Candidate goes for an interview. The recruiter takes her through the role at hand and they continue the discussion. At the fag end of the discussion come the questions –‘Tell me about your family.’ ‘What is the salary you expect?’. If the candidate happens to be a nubile young lady or a newly married woman, then she may find herself fielding questions like – ‘Do you intend to get married? Do you plan to have kids? What if you are required to relocate post marriage?’

Scenario 2. Human resource department stores employee records, in hard and soft formats. All manner of information right from the mundane — age, educational background to organisation specifics, such as yearly performance rating and transfer history. What if this repository was ever compromised or worse still, maliciously hacked into by cyber terrorists holding this data to ransom?

In the first scenario, it may be argued that questions give an insight into an individual’s background and do aid decision-making. After all, aren’t interviews all about asking those probing questions?

This is where the issue lies. Probing questions are justified and indeed an essential mechanism to judge the veracity of the candidate, but surely not at the cost of the individual’s right to privacy.

Data cannot be compromised

An interview seeks to determine whether a candidate is equipped with the knowledge, skills and attitude inter alia competencies suited to succeed in the given role. The questions, hence, should be centred around assessing those exact parameters. A behavioural event interview (BEI) done the right way goes a long way in ascertaining the thought process of the individual. There are a battery of psychometric tools available to figure out the nature and personality of the individual. So, how do the marital plans of a candidate or their spouse’s transferable nature of job add value to the selection process?

For far too long we have patronised such questions, but these are not necessary for the role. Queries related to salary, marital status and family plans unnecessarily intrude an individual’s privacy. On the contrary, these can give rise to the spectre of personal biases in the recruiter and may ultimately result in rejection of an otherwise competent candidate.

Societal norms are changing at a fast pace. What was acceptable five years back is a no-no today. Thanks to movements, such as #metoo, the working population is aware of what is acceptable behaviour and what is not, and same goes with the questions thrown at candidates during an interview as well. A situation where a male recruiter asks the female candidate a question about her personal life may even light a conflagration and put lives and careers at risk.

The aspect of sanctity of individual privacy goes beyond the confines of the interview cabin.

Human resources teams capture large volumes of data about employees in the daily course of business, be it in the name of acquiring information that may help the organisation at different points in time, or generating flags that can be used to create employee touch points. However, the underlying question always is, whether the data is safe.
Earlier this month, photography giant Canon fell victim to Maze, a ransomware that managed to steal critical business data and employee data, and even attacked its e-mail, Microsoft Team and other internal systems. The threat is all too real now! Statista, a market and consumer data company, reports that 2019 itself saw 188 million cases of ransom attacks on individuals and organisations globally.

While it is a constant game of one-upmanship between the IT departments of the organisations and the trojans, malware and ransomware of the world, it cannot be denied, that all the data today that human resource teams maintain, if compromised, can lead to a catastrophe.

Data Privacy Bill

Close to home, the Data Privacy Bill 2018 awaits in the wings. The bill, which is yet to be enacted into a law, brings a far more degree of onus on the ‘data fiduciary’, that is, the organisation (Sec 11). It clearly mandates that the consent of the individual is the key and this consent can be withdrawn (Sec 12, Cl. (1), (2). Should this Act come into force, the sanctity of individual data, its gathering, processing, retrieval and subsequently deletion, will all become paramount.

How should the HR team of tomorrow act?

Three things need to be at the top of the mind for HR professionals:

1. Collection of data – Any data collected from an employee, no matter how small or personal, is to be treated with care and caution. The HR professional will have to collect the data with a written disclaimer that such data will be used for specified purposes and is being collected from the employee of his free will and that the employee reserves the right to withdraw the consent.

2. Maintenance of data – Any employee data collected therein should be maintained in encrypted form and all reasonable measures must be be taken to ensure that such information is classified as ‘confidential’ and adequate information security measures, including access to data will have to be maintained.

3. Deletion of data – Data has a life span as well. Organisations usually maintain employee records for a period of seven years before they are destroyed. This is key. Data disposal, whether hard or soft copy, needs to be comprehensive. Once such data is deleted, no part of it should be produced or retained in any form or shape by the ‘data fiduciary’.

The human resources department/team is the conscience keeper of the organisation. Its members hold the scales of justice and equity in the company. Hence, it is all the more a necessity that the HR team be aware and change itself according to the changing scenarios, norms and regulations, so as to lead the way for the organisation.

The right to privacy of individuals and the sanctity of their data is here to stay. It will soon have the backing of the law. Are we, as HR professionals, ready to deal with the change?

(The author Rishi Basu is a senior HR professional with 14 years of experience. Until recently, he was heading the human capital team of a digital solutions firm in Mumbai.)

Comment on the Article

Please enter your comment!
Please enter your name here

4 × four =