Learning Methods
A traditional classroom couples on-site learning with the added value of face-to-face interaction with instructors and peers. With courses and exams scheduled worldwide, you will be sure to find a class near you.
Highly Interactive
On-going interaction with instructor throughout the entire classroom event
Interaction with peers/professionals via face-to-face
Components (May Include)
On-site instructor-led delivery of course modules, discussions, exercises, case studies, and application opportunities
Supplemental learning elements such as: audio/video files, tools and templates, articles and/or white papers
E-course materials available two weeks prior to the course start date; printed course materials ship directly to the event location
One + Days
Varies by course ranging from one to multiple days
Technical Needs
Specific requirements are clearly noted on the course page
Virtual Classroom
Ideal for those who appreciate live education instruction, but looking to save on travel. A virtual classroom affords you many of the same learning benefits as traditional–all from the convenience of your office.
Highly Interactive
On-going interaction with instructor throughout the entire virtual classroom event
Interaction with peers/professionals via online environment
Components (May Include)
Live online instructor-led delivery of course modules, discussions, exercises, case studies, and application opportunities
Supplemental learning elements such as: audio/video files, tools and templates, articles and/or white papers
E-course materials available up to one week prior to the course start date. Recorded playback and supplemental materials available up to seven days after the live event.
Varies by course ranging from one to multiple sessions
Technical Needs
Adobe Flash Player
Acrobat Reader
Computer with sound capability and high-speed internet access
Phone line access
A self-paced, online learning experience that allows you to study any time of day. Course material is pre-recorded by an instructor and you have the flexibility to view content modules as desired.
Independent Learning
Components (May Include)
Pre-recorded course modules
Supplemental learning elements such as: audio/video files, online quizzes
E-course materials start on the day of purchase
Optional purchased print material ships within 7 business days
120 Days - Anytime
120-day access starts on the day of purchase
Direct access to all components
Technical Needs
Adobe Flash Player
Acrobat Reader
Computer with sound capability and high-speed internet access
Contact Sponsor
Paul Thompson
Phone: 1 44 01614322584
Contact by Email | Website
Sorry, you can't add this item to the cart.
You have reached the maximum allowed quantity for purchase in your cart or the item isn't available anymore.
Product successfully added to your cart!
View your cart
Continue shopping
Please note our website will be down this Friday, November 5 from 9pm ET – 11pm ET for routine maintenance. We apologize for any inconvenience.

Operation Data Protection

Technology in today’s workplace is about, among other things, making life easier for everyone. By using today’s creative tech tools, employees will be more engaged and productive, and corresponding positive bottom-line results will follow — or so the theory goes.

In many ways, tech tools are, in fact, making things easier and producing better results.

Yet when it comes to creating effective technology use policies, making the wrong moves can get in the way of progress, opening a proverbial Pandora’s box of legal and other problems — especially with the exposure of sensitive customer and employee data. With social media, email, instant messaging and other data-rich communications on the rise, experts and human resources leaders say a thoughtful approach to getting it right is essential.

So when it comes to managing employee use of technology at work in an effort to maintain data security, what’s a CHRO to do?

Michelle Lee Flores, a Los Angeles-based labor and employment partner at Akerman LLP, says it mainly means adopting and communicating policies that consistently remind employees of the sensitive nature of confidential company data and information.

“Providing periodic reminders to employees with specific examples of what they should not get ‘too relaxed’ about when relaying information to others is important,” she said. For example, Lee Flores says that as it relates to certain industries, and the impact on job performance that technology and social media plays, many employers may have to ban the use of personal cell phones while employees are “on the clock.”

London-based Dean Chapman, a risk management executive in cyber risk with Willis Towers Watson, says that there are known and well-documented vulnerabilities and risks associated with the usage of new, innovative technologies, and in his view, it’s pleasing to see that organizations are starting to take steps to understand and mitigate their exposures in this area.

Chapman explains that employers have access to a wide and increasing range of security solutions (employee monitoring and advanced threat protection, end-to-end email security and mobile device management, etc.) that assist with the protection of their fixed and mobile assets. Additionally, companies are slowly beginning to link these security solutions with the implementation and ongoing management of a comprehensive and measured cyber-security culture and awareness strategy.

“While a cyber threat can never be fully mitigated, companies are now beginning to appreciate the link between user behavior/culture and effective cyber-security,” Chapman said.

At the same time, he adds, a majority of organizations must, in this era, maintain a social media footprint. But the key to mastering the murky world of social media usage and engagement is in trusting your employees to do the right thing. But how? By creating an “open, honest and trusting cyber culture,” he said.

“Humans, in particular the younger generation who are considered ‘digital natives,’ are inquisitive and like to find workarounds,” he said. “So banning the use of or restricting access to social media will often encourage bad behaviors which, in turn, may present unnecessary risk.”

According to Detroit-based Sheryl Simmons, chief human resources and compliance officer at employee health and benefits company Maestro Health, the key may be in embracing technology, not limiting it.

“Rather than establishing policies forbidding usage while at work, employers should take the opportunity to harness the power of technology and social media to align usage with their company’s culture,” Simmons said. “Doing so can help build a collaborative culture that provides guidelines for embracing transparency, professionalism and accountability.”

The Challenge of Remote Work

Another challenge in managing today’s technologies is the trend toward more flexible work arrangements and remote workforces. WTW’s Chapman says that when it comes to technology and remote work, policies without sufficient implementation, distribution (availability to the general workforce), enforcement and a structured review process are ineffective and will do nothing to protect the organization.

With that, policies need to be supported by a repeatable training and awareness strategy and should include aspects of physical security as well. He says that some companies are using a range of technical controls (full disk encryption, use of virtual private networks, etc.) to secure their mobile workers, but appear slow to provide any formal training to further enhance workforce awareness of the cyber threat when remote or mobile working.

“Remote working brings physical security concerns to the fore, such as ‘shoulder surfing’ and, of course, physical theft [of devices],” he said, adding that physical security of company assets is often overlooked as being part of the wider cybersecurity strategy. But companies must remember that hackers/thieves will often take the path of least resistance, which includes device theft and damage if an easy opportunity or target is presented to them.

Then there is the added challenge of enforcing corporate policies offsite, without getting into legal hot water by breaking individual privacy laws.

Beth Zoller, attorney and legal editor at XpertHR in New York City, says that an employer has a legitimate interest in enforcing corporate policies offsite if an employee is engaged in work-related communications and using the employer’s network or employer-provided resources, such as a laptop or mobile device.


“An employer should make sure to provide clear notice to employees of any surveillance and monitoring it is conducting so employees are fully aware that they have a limited right to privacy,” she said. Additionally, in engaging in any surveillance and monitoring, an employer must be sure to comply with any relevant federal or state laws.

“While it is essential for an employer to protect its own interests and information, it must strike a delicate balance when weighed against employee privacy expectations,” she said.

“It is a delicate dance to say the least. But if individuals are ‘on the clock,’ then they must comply with corporate policies,” Akerman’s Flores notes.

Transparency vs. Employer Rights

One offshoot of the rise in workplace technology use is the issue of employees posting their salaries and company reviews on sites like While it may make employers uncomfortable, it’s a fact of life today, one that requires a gentle approach — and could be a potential benefit in gauging corporate culture, according to the experts.

For instance, Simmons says that for company cultures that embrace feedback and transparency, such reviews can arm HR teams with valuable insights from both the employee and candidate perspective. Unfortunately, she adds, the posted information doesn’t necessarily have to be truthful to be published for public consumption.

“Human resources and marketing teams can partner together to monitor postings, measure trends and identify actionable steps that may need to be taken to address honest and reasonable employee feedback,” she said of how to take advantage of these online sites.

Flores explains that some states have laws that specify that employers cannot prohibit employees from talking about their compensation. Employers also need to be mindful of the National Labor Relations Board’s (NLRB) Section 7 rights, which gives employees the right to engage in protected concerted activity — that is, to act together to try to improve their pay and working conditions.

“It also impacts what employers may do if someone is engaging in such protected activity,” Flores said. “So discussing matters on sites that allow this type of sharing can impact the NLRB.”

Having said that, Flores adds that she’s also aware that information on Glassdoor-like sites is generally anonymous and identified only by position.

“For these reasons, it would be difficult to determine who is disclosing what,” she pointed out.

XpertHR’s Zoller expands on Flores’ view regarding the right to engage in protected activity, adding that the National Labor Rights Act and various state laws provide employees with the right to freely discuss their wages.


“If an employer views a negative or false posting, it should certainly attempt to respond online,” Zoller said.

From an employer point of view, WTW’s Chapman concedes that the anonymous aspect of sites like Glassdoor make it very difficult to monitor. In reality, he said, all that employers can do is make reference to the acceptable use of or publishing to websites such as Glassdoor in their employee handbook or information security (and social media) policies.

“Ultimately, this again comes down to culture: Organizations should instead promote an internal ‘whistleblowing’ function whereby employees can post/discuss any aspect, negative or otherwise, of their work/company, etc., in a safe and confidential manner — but one that remains internal, not on the World Wide Web,” he said.

Internal Messaging Risks

In moving from external websites to internal messaging platforms such as Slack and Yammer, the latter could potentially become places where employees might form groups with special interests and hobbies that may teeter on inappropriate or exclusionary — driving clique-like behaviors that could be a risk on several levels. How can employers discourage that type of scenario from happening?

“Once again, reminders that while people are on the clock, the focus should be on work,” Flores suggests. She says that would mean reminders with regard to the manner in which the communication takes place, and that when communicating with co-workers while at work, employees must comply with appropriate workplace interactions and various rules, including not engaging in sexual harassment or harassment based on any protected characteristic or engaging in discriminatory conduct.

“Reminders that people should be inclusive and that all workers are equal can go a long way in the workplace,” she said.

Zoller adds that an employer has a clear interest in monitoring internal networks for signs of discriminatory, bullying or harassing behavior that may land the employer in hot water and facing claims of discrimination and harassment, as well as abusive conduct. In fact, she proposes that a person in IT or HR should be tasked with undertaking random monitoring of such networks to observe any improper behavior. Additionally, an employer should take immediate action if it learns of such behaviors on an internal network.

“An employer needs to recognize that even though it is an internal online environment, an employer may face the same measure and risk of liability, so it is best to address such issues head on,” Zoller said.

Protecting Employee Identity

Finally, there is the issue of protecting employee identity, another potential risk specific to HR and the rise in technology, whether it is cloud-based or housed in on-premises hardware.

According to Zoller, employers need to make sure to implement security measures for employees using networks, including two-step authentication, enhanced security measures and protective software, as well as the encryption of sensitive information. In addition, an employer should make sure that individuals in the organization are only privy to private and confidential information on a need-to-know basis and that the employer takes steps to shield such information and keep it protected.


“Employers should also be aware of state data privacy laws and relevant obligations,” she noted.

WTW’s Chapman thinks that employers need to do more in this area, noting that from his experience, employers are taking very few proactive steps to protect employee identities. He cites that many organizations actually provide short biographies and other insightful descriptions of their employees on company websites and social media platforms, such as LinkedIn.

WTW’s Chapman thinks that employers need to do more in this area, noting that from his experience, employers are taking very few proactive steps to protect employee identities. He cites that many organizations actually provide short biographies and other insightful descriptions of their employees on company websites and social media platforms, such as LinkedIn.

“I appreciate that, for many, this is necessity, as it allows the company to showcase the capabilities of their teams and people in order to win new clients [and such],” he said. “However, this ‘data leakage’ is precisely what hackers — good and bad — use to target your business and your people.”

Often referred to as Open Source Intelligence (OSINT), freely available information obtained via the internet provides malicious actors with a treasure chest of data with which to craft a possible attack, often in the form of a spear-phishing email, Chapman explains.

On the upside, this is an area where employers will look to focus more effort in the coming months and years, he said. In particular, automated online cyber footprint assessments can provide a company with an overview of what information relating to them is available online.

“This assessment can and should be used by companies and employees to address and remediate any data leakage, further reducing the threat landscape for all involved,” he said.

Simmons noted that companies use employee data for a variety of purposes, from evaluation during the hiring process through payroll and benefits administration. To that end, a policy should be specific to the business, industry and state jurisdictions. HR, compliance and security and privacy teams must work collaboratively to create best practices that both protect the employee data and educate the employee in their role of that protection.

“Employees trust us to protect that data,” she said. “More importantly, every organization has a legal responsibility to do so.”

Tom Starner

Tom Starner is a freelance writer with WorldatWork.