By Protecting Client Data, Consultants Protect Themselves

By Lin Grensing-Pophal Jan 29, 2008

In consulting, information is everything. But if that information is not protected, HR consultants and their clients could experience huge losses. In addition, lawsuits and liability claims might threaten the viability of a consulting business.

HR consultants can take steps to protect the consultancy’s data and assure clients that their data and competitive information are safe and confidential. However, while most consultants are aware of the value of back-up systems and virus scanning software, those are just starting points for ensuring the safety of the consultancy’s and the clients’ information.

Be Judicious in Capturing Data

At the outset, HR consultants should be thoughtful about the information they gather and store on computers.

Brian Lapidus, chief operating officer of Kroll Fraud Solutions in Nashville, Tenn., says there are several simple rules to keep sensitive data from falling into the wrong hands:

    • Do not collect information that is not needed.

    • Reduce the number of places where data is retained.

    • Grant employees and contractors access to sensitive data only on an as-needed basis, and keep current records of who has access to the data.

    • Purge the data responsibly once the need for it has expired.

While consultants need to secure the information in their possession, they also need to ensure that the data they have is really needed, and not extraneous, says Lapidus. “Thieves can’t steal what you don’t have,” he says.

Savvy consultants can use data protection as a competitive advantage, says Chris Dittus, PHR, founder of August Communications Consulting in Austin, Texas. A consultant can be a much more valuable commodity to a potential client, says Dittus, by telling clients, “this is how I protect your information, this is what I provide to my clients so they feel comfortable that their information is going to be secure and that it’s not going to be lost or used for other purposes.”

Practical Approaches

While technology offers protection for data, HR consultants are most at risk in terms of the simple, everyday actions they take, or fail to take, when working with client information.

Susan Stockton, senior vice president and managing director of Corporate Growth Consultants in Wylie, Texas, says data protection “is a hot topic with my clients.” To provide the best possible data security to clients, Stockton uses the same approach to information security she used while working for larger companies. These common-sense approaches do not call for expensive technology:

    • Client data is not discussed or sent over the Internet.

    • Client data is not left on the desk unattended.

    • Client data is stored in an encrypted setting or on memory sticks that can be locked separately in a secure place when not in use.

    • The office or building has an intruder alarm system for additional security.

But technology can play an important role in responsible client-data protection. John Livingston, a security expert and CEO of Absolute Software, based in Vancouver, Canada, says a combination of written policies, business processes and technology is necessary to protect data from being compromised:

    • Identify and control access to sensitive information.

    • Recognize what types of sensitive data exist, identify who needs access to specific information, and create different levels of access or security clearance.

    • Create rules on how information is stored, accessed and transported.

    • Stress common-sense guidelines on laptop computer use and device security. Avoid accessing information in public places such as airports, buses, Internet cafes or unsecured wireless networks.

    • Establish rules for storing and destroying old data.

    • Identify areas of vulnerability in advance, and develop a contingency plan for recovery should a breach occur.

Laptop computers present additional problems in terms of security. Their very portability and convenience make them subject to theft or loss, which puts data at risk.

Leo Bletnitsky, president of Desktop Valet, a division of LBA Networking Inc. in Las Vegas, has been involved in information technology management and security consulting for more than 13 years. “HR consultants travel to numerous client offices, often plugging their personal laptops into the networks of their clients,” he says. “Due to this activity and the confidential nature of the information they access, computer security is a major concern.” Desktop Valet employees’ laptop computer security practices are as follows:

    • Ensure that laptop computers have current anti-virus subscriptions.

    • Have an active personal firewall to protect laptops from clients’ networks.

    • Regularly scan laptops for spyware.

    • Use company laptop computers for business purposes only.

    • Do not allow family or friends to use the company laptop.

    • Have a complex password to log on to the laptop and make sure to change the password for the user “administrator,” which on many computers is left blank.

    • For client data that is particularly sensitive, consider using encryption software to protect the data in the event a laptop is lost or stolen.

Ultimately, a heightened awareness of the value and sensitivity of the information that HR consultants maintain on clients is the first step in developing systems and processes to protect that information.

Lin Grensing-Pophal, SPHR, is a Wisconsin-based business journalist with HR consulting experience in employee communication, training and management issues. She is the author of Human Resource Essentials: Your Guide to Starting and Running the HR Function (SHRM, 2002).
