Information Security and Privacy in HRIS


1 CHAPTER 16: Information Security and Privacy in HRIS

2 INTRODUCTION
- A great deal of confidential information about employees is captured and stored by organizations: personal details, pay and benefits history, medical records, disciplinary records.
- These data are stored electronically and transmitted across networks.
- The increasing integration of the HRIS with other systems has made information security management a complex and challenging undertaking.

3 INFORMATION SECURITY IN HRIS
- Protecting information in the HRIS from unauthorized access, use, disclosure, disruption, modification and destruction.
- Objectives of information security: protect the confidentiality, integrity and availability of information.

4 COMPONENTS OF INFORMATION SECURITY
- Three main principles of information security: confidentiality, integrity, availability.
- The HRIS is composed of three components: hardware, software, communications.

5 COMPONENTS OF INFORMATION SECURITY
[Diagram of the components of information security; not reproduced in the transcript.] Source: Wikipedia (2007)

6 LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY
- Personal Information Protection and Electronic Documents Act, PIPEDA (Canada): supports and promotes electronic business by protecting personal information that is collected, used or disclosed.
- Security breach notification law (California, USA): requires organizations to notify customers or employees when unencrypted personal information may have been compromised, stolen or lost.
- Computer Misuse Act 1990 (UK): makes computer crime (e.g. hacking or cyber-terrorism) a criminal offence.

7 LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY (Cont.)
- The European Union Data Protection Directive (EUDPD): requires all EU member states to adopt national regulations that standardize the protection of data privacy for citizens throughout the European Union. (The Directive has since been replaced by the General Data Protection Regulation, GDPR, which applies directly in all member states from 25 May 2018.)
- Health Insurance Portability and Accountability Act, HIPAA (USA): sets national standards for electronic healthcare transactions and requires healthcare providers, insurance companies and employers to safeguard the security of individuals' health information.

8 THREATS TO INFORMATION SECURITY
- Human error in data entry and handling
- Damage by employees; disgruntled and ill-informed employees (critical role of HR)
- Misuse of computer systems: unauthorized access to or use of information
- Computer-based fraud
- Viruses, worms and trojans; cyber-terrorism
- Hackers
- Natural disasters

9 BEST PRACTICES IN HR INFORMATION SECURITY
- Adopt a comprehensive privacy policy.
- Store sensitive personal data in secure computer systems and provide encryption.
- Dispose of documents properly, and securely wipe or destroy computer drives and CD-ROMs before disposal.
- Build document destruction capabilities into the office infrastructure.
- Conduct regular security practice training.
(Canavan, 2003; David, 2002; Tansley & Watson, 2000)

10 ADDITIONAL BEST PRACTICES IN HR INFORMATION SECURITY
- Careful selection of staff with regard to their honesty and integrity.
- Raise information security awareness and ensure employees understand corporate security policies.
- Institute measures to address personal problems of staff, such as gambling and drug addictions, which might lead them to abuse systems for financial gain.
- Provide access to effective grievance procedures, since the motivation for much computer abuse is retaliation against management.
(Kovach, Hughes, Fagan & Maggitti, 2002; Grundy, Collier & Spaul, 1994)

11 INFORMATION PRIVACY
Privacy is a human value consisting of four elements (Kovach & Tansey, 2000):
- Solitude: the right to be alone without disturbance.
- Anonymity: the right to have no public personal identity.
- Intimacy: the right not to be monitored.
- Reserve: the right to control one's personal information, including the methods of dissemination of that information.

12 CONTROLLING ACCESS TO HR DATA
- Administrative controls
- Logical (technical) controls
- Physical controls
- Security classification of information
- Access control

13 INFORMATION PRIVACY AND HRIS
Concerns:
- The types of employee information that can be collected and stored in the system.
- Who can access and update the information.
Considerations:
- Collect and store information only for sound and valid business reasons.
- Collect only information that is necessary, lawful, current and accurate.

14 HRIS SECURITY BEST PRACTICES
- Train users on how to securely use and handle the equipment, data and software.
- Train employees to log off personal computers after they are through using them.
- Do not allow passwords to be shared.
- Change passwords frequently. (Current guidance such as NIST SP 800-63B instead favours changing passwords on evidence of compromise rather than on a fixed schedule, combined with multi-factor authentication.)
- Run software through a virus-detection program before using it on the system.
- Ensure that backup copies, data files, software and printouts are used only by authorized users.
(Noe et al., 1994; Pfleeger, 2006)

15 HRIS SECURITY BEST PRACTICES (Cont.)
- Make backup copies of data files and programs.
- Ensure that all software and mainframe applications include an audit trail: a record of the changes and transactions that occur in a system, including when they occurred and who performed them.
- Use edit controls (such as passwords) to limit employees' access to data files and data fields.
- Employees take responsibility for updating their own records via the self-service system.
(Noe et al., 1994; Pfleeger, 2006)
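The following is an added example, not code from the chapter or from any HRIS product, showing how the controls on slides 12 and 15 fit together in practice: each field of an employee record carries a security classification, each role is granted read and write rights up to a classification (the logical access control and field-level edit control), an actor touching their own record is limited to the self-service rights whatever their job role, and every attempted read or change is appended to an audit trail recording who, when, which field, old and new value and outcome. The classification scheme, role names, employee identifiers and sample data are all constructed for the example.

```python
"""Field-level access control with an audit trail for HR records (added example,
not from the chapter; all roles, names and sample data are constructed)."""
from collections import namedtuple
from datetime import datetime, timezone
from enum import IntEnum


class Sensitivity(IntEnum):
    PUBLIC = 1        # name, department
    INTERNAL = 2      # contact details the employee maintains via self-service
    CONFIDENTIAL = 3  # pay and benefits
    RESTRICTED = 4    # medical and disciplinary records


# Security classification of each field in the record (hypothetical scheme).
FIELD_CLASS = {
    "name": Sensitivity.PUBLIC,
    "department": Sensitivity.PUBLIC,
    "address": Sensitivity.INTERNAL,
    "salary": Sensitivity.CONFIDENTIAL,
    "medical_notes": Sensitivity.RESTRICTED,
    "disciplinary": Sensitivity.RESTRICTED,
}

# Role -> (highest classification readable, highest classification writable).
# "self" applies whenever an actor touches their own record, whatever their job
# role, so a payroll clerk may correct their own address but not their own pay.
ROLE_RIGHTS = {
    "self": (Sensitivity.CONFIDENTIAL, Sensitivity.INTERNAL),
    "employee": (Sensitivity.PUBLIC, None),
    "manager": (Sensitivity.INTERNAL, None),
    "payroll": (Sensitivity.CONFIDENTIAL, Sensitivity.CONFIDENTIAL),
    "hr_admin": (Sensitivity.RESTRICTED, Sensitivity.RESTRICTED),
}

Actor = namedtuple("Actor", "user_id role")
# old: previous value on an allowed write; new: value written or attempted.
AuditEntry = namedtuple("AuditEntry", "when actor action subject field old new outcome")


class HRIS:
    def __init__(self):
        self.records = {}  # employee_id -> {field: value}
        self.audit = []    # append-only audit trail

    def _access(self, actor, employee_id, fld, action, value=None):
        role = "self" if actor.user_id == employee_id else actor.role
        read_max, write_max = ROLE_RIGHTS.get(role, (None, None))  # unknown role: nothing
        limit = read_max if action == "read" else write_max
        allowed = limit is not None and FIELD_CLASS[fld] <= limit
        record = self.records[employee_id]
        old = record.get(fld) if action == "write" and allowed else None
        # Log before deciding, so denied attempts are recorded as well.
        self.audit.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(), actor.user_id, action,
            employee_id, fld, old, value, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{actor.user_id} may not {action} {fld} of {employee_id}")
        if action == "write":
            record[fld] = value
            return old
        return record.get(fld)

    def read(self, actor, employee_id, fld):
        return self._access(actor, employee_id, fld, "read")

    def update(self, actor, employee_id, fld, value):
        return self._access(actor, employee_id, fld, "write", value)


def attempt(fn, *args):
    """Run an access and report the outcome instead of raising."""
    try:
        fn(*args)
        return "allowed"
    except PermissionError:
        return "denied"


def demo():
    """Exercise the controls on constructed data; returns (system, outcomes)."""
    hris = HRIS()
    hris.records["e100"] = {"name": "A. Rahman", "department": "Finance",
                            "address": "1 Old St", "salary": 52000}
    hris.records["e300"] = {"name": "P. Clerk", "department": "Payroll", "salary": 41000}
    alice, bob = Actor("e100", "employee"), Actor("e200", "employee")
    payroll, clerk = Actor("p1", "payroll"), Actor("e300", "payroll")
    out = {
        "self_reads_own_salary": hris.read(alice, "e100", "salary"),
        "self_updates_address": attempt(hris.update, alice, "e100", "address", "2 New St"),
        "self_updates_salary": attempt(hris.update, alice, "e100", "salary", 99000),
        "peer_reads_salary": attempt(hris.read, bob, "e100", "salary"),
        "payroll_updates_salary": attempt(hris.update, payroll, "e100", "salary", 54000),
        "clerk_updates_own_salary": attempt(hris.update, clerk, "e300", "salary", 90000),
    }
    return hris, out
```

Running `demo()` leaves six audit entries, two of which record denied attempts (the employee trying to raise their own pay, a colleague trying to read it) and one of which shows the payroll clerk blocked from editing their own salary by the "self" rule. In a real deployment the audit trail would be written to append-only storage outside the HRIS database, and the values logged for RESTRICTED fields would themselves be subject to the same classification.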
