Actu
Data Privacy Day Comment - Employee Privacy Is Often Overlooked
January 2022 by Oliver Cronk, Chief IT Architect, EMEA chez Tanium
With Data Privacy Day approaching tomorrow, we thought you might be interested in the below comment from Oliver Cronk, Chief IT Architect, EMEA at Tanium around employee privacy.
“When cyber-attacks occur, we often hear about the impact breaches have on customers, including the amount of customer data accessed and what type of credentials were stolen. But employee privacy is often overlooked as the scale of the customer numbers create more compelling headlines. But the impact of cyber incidents can be far more invasive for employees, due to the nature of the personal data stored on internal systems.
?
Of course, there has always been sensitive employee information collected by employers, but due to the pandemic medical information has now come into the equation. There are concerns around health data, such as vaccination status and booster information, being recorded on corporate systems that could be breached. When balancing GDPR obligations, it can be difficult for organisations to avoid this situation and to remain compliant. Particularly in the face of rapidly changing requirements such as the need to collect vaccination status which can drive the use of less secure solutions such as spreadsheets.
?
With such sensitive data being stored, it is a requirement for organisations to have greater visibility and control over their data to minimise the likelihood of breaches occurring. IT teams should have a clear strategy on where data should be stored and how it is secured, regardless of whether they are using a cloud or on-premise environment, so that less vulnerable parts of their systems and problematic devices can be identified and fixed before an incident takes place. With this level of visibility and control, unusual activity and unauthorised access to a company’s systems can be detected at an early stage which is crucial."
