By Rodney J. Johnson, Prescient Consulting, Inc.
February 20, 2007

Organizations the world over are required to gather and maintain information on their personnel. Once gathered the information may be forgotten, seldom used, or worse, just left plain lost. Some organizations, however, use this information as a management tool.  Those organizations that do have much more experience in administering their personnel information because they must not only store it but must also allow quick access to it and easy maintenance of it.  Those organizations also know something about how to protect their personnel data.

The more an organization deals with personnel information the more important personnel information  is to that organization, and therefore the more an organization needs to understand the principles of properly and securely managing that data.  Luckily, the principles of protecting personnel data are not complicated.  Management that treats personnel information as an important resource and an asset that must be protected can quickly learn the principles and create a system for implementing them.  The following points outline some of the issues that organizations need to beware of when gathering, maintaining, allowing access to, updating, and storing information.

Fairly and Lawfully Processed
Organizations should only collect that information that they are legally allowed to collect.  Furthermore it is good practice to refrain from collecting data that may be of minimal management value while exposing the employee to potentially great privacy risk.  By limiting the amount of information on personnel the company gathers, organizations can limit their legal liability from potential leaks and losses as well.

Processed for Limited Purposes
Information that is collected on personnel should be used for clearly defined organizational goals and management purposes.  There should never be any question in an organization as to when personnel information is fair game for use in organizational research and management.  Information collected under one pretense and then used for other purposes may also be construed by employees who wish to limit the use of their personal information as misuse.

Accurate and Up To Date
Information on personnel should be updated as often as necessary to keep the information pertinent relevant and useful.  Old information not only ages to the point where it is not useful for management purposes but also becomes a liability in terms of risk management within the organization.  Organizations can no longer rely on data that has not been maintained properly for understanding the nature of the personnel in their organization in terms of skill sets, job performance, and potential future HR needs. Old information may be just plain wrong, leading to potentially incorrect HR usage and erroneous management decision making.

Not Kept for Longer Than Necessary
Conversely, information that is no longer needed is nothing more than a privacy risk.  Organizations can safely get rid of it and need to create rules for disposing of personnel information that is past its useful life.