Skip to main content

Data Lockdown: How to Ensure Data Security and Privacy Amid Changing Work Dynamics

Data is the crown jewel of nearly all businesses today. Regardless of industry, companies are constantly collecting data, storing information and utilizing it to drive business decisions. This reality means that strong data compliance and security — or standards and practices to protect data from unauthorized access, corruption and misuse — are absolute must-haves for all organizations. It’s imperative for business leaders to look at how they’re protecting data and take responsible ownership of the information they’re collecting on behalf of customers.

As custodians of personal information, mobility managers face two primary data-related challenges:

  • Protecting mobile employees’ Personal Identifiable Information (PII), such as passport information, banking details and more
  • Ensuring compliance with all relevant local and country data laws in every location where companies are doing business, which can vary widely and creates a need for expertise

Finding solutions to those two challenges is a necessary part of providing exceptional experiences for mobile employees — not only do they want a smooth relocation from home to host destination, but they need to trust they aren’t sacrificing their personal information in the process.

Based on decades of experience handling personally identifiable information for our clients and their mobile employees, here are some insights on the current trends shaping data security and compliance, a look at what the future holds, and what this means for your global mobility program.

 

Current Influences Shaping Data Security and Compliance

As with virtually every other aspect of business, much has changed in the world of data compliance and security over the past two years. Let’s take a look at a few key trends shaping the data security landscape today:

  • COVID-19 Pandemic: The pandemic has reorganized how and where employees work, with many conducting business outside the office. This creates multiple data implications for companies:
    • Consider employees logging on from home, or wherever they are at the moment, with their own internet in an environment that hasn’t been optimized for security. There are new risks in this situation making it difficult to control the flow of personal information, including the use of personal computers and devices, sending data over public internet connections and using new applications that can create security vulnerabilities. Companies have adapted to this new environment quickly by creating new telework policies, encrypting data between company-owned and remote work locations, limiting employees to company-owned work devices, and utilizing virtual private networks (VPNs) to allow remote access to company resources while securing information. As remote and hybrid work models become the norm post-pandemic, companies should establish or continue to refine their work-from-home data security protocols.
    • Companies will need to decide how they will track, use, share and delete employee-location data for business travel and from remote work locations. This is a key component of leadership decision-making that needs to be established to ensure data privacy and security concerning employee whereabouts.
  • Focus on Privacy: Data security and privacy are related but not the same. Security refers to how your information is protected, while privacy relates to the control you have over your personal information and how it’s used. The focus of the last 10 years has largely been on cybersecurity, but we’re starting to see an increased focus on privacy, particularly around individuals’ data protection and demands for transparency in how data is utilized. Companies must now ensure they are handling data both securely and with individual privacy top of mind.
    • Question to consider: How are you communicating the importance of data privacy and your approach to privacy with your mobile employees?
  • Role of Employees: Given the workplace changes brought on by the pandemic, organizations are realizing the need for all employees to buy into the importance of data security and compliance. Taking security training once during the onboarding process isn’t enough anymore; employees need to play a more active role in ensuring data security and privacy. Companies should take the time to explain security protocols and their importance to employees repeatedly and make it simple for employees to escalate any security issues. A security program can’t function properly without the involvement of every employee.
    • Tip to consider: Give your employees the tools and training they need to flag any potential data breaches and to encourage them to become security experts regardless of their role.
       

Forecasting Data Security and Compliance Trends

Global companies with strong talent mobility programs should be able to speak to these three key areas of their data security and compliance:

  • Trusted Supply Chains: Global companies can do everything possible to maintain confidentiality and security, but they fall short if the relocation management company and supplier partners they are working with aren’t doing the same. Global companies should be asking their relocation partners what data security processes and standards they have in place to create trust in data security throughout the supply chains. Data security in talent mobility can’t be done on an island and companies must work with service providers to ensure this is a collaborative effort, with mobile employees in mind.
    • Tip to consider: Take the lead with your relocation partners and discuss your expectations and standards for data security to create a trusted supply chain. For example, at Graebel signing data privacy agreements is a standard process to ensure we’re on the same page as our clients about data security.
  • Mature Risk Management: Organizations must have formal processes in place to identify and mitigate risks before they happen. A critical piece of any good risk management program is ensuring board members understand key company data risks and the steps being taken to prevent those risks, as much as possible. If issues do arise, mobility managers should be aware of the response protocol in place to help identify and address issues early, mitigate the consequences and help ensure they don’t happen again.
    • Questions to consider: Where can your organization tighten up security measures? What changes can you make to ensure your procedures are effective for years to come and not just a temporary patch during the pandemic?
  • Customer-Centric Compliance: Data compliance and security protocols can’t be developed in a vacuum. Global companies should listen to mobile employees and make sound compliance commitments, and take a people-first approach, by selecting relocation service providers based on what employees need.  
    • Tip to consider: Put yourself in the shoes of a mobile employee. How would you like to be assured that your personal information is protected? What privacy measures would you like to have in place to feel comfortable during the relocation process? Use this thought process to guide your policies and procedures.
       

Implications to Consider for Global Mobility

As stewards of personal information, helping people through life changing moments, talent mobility professionals should put mobile employees at the core of all data security and compliance decisions. The following factors are important for any global mobility company or program:

  1. Personal Information: Throughout the relocation process, companies — and relocation management company partners — collect personally identifiable information about mobile employees, including where employees live, where they are relocating, detailed information about family members, and financial data. Ask yourself, or your relocation management company, how you’re protecting this data to meet and exceed mobile employee data compliance and security needs.
  2. Global Regulations: Brush up on global security and privacy regulations in all locations where you operate to ensure you’re in compliance with the requirements of each country, especially in regard to the rights of individuals. Evolving laws, like the General Data Protection Regulation (GDPR), will impact your data operating procedures. Furthermore, identify “gold standard” regulations, like GDPR, and go above and beyond them to earn additional trust from your mobile employees.
    • Tip to consider: Aim to be two steps ahead instead of playing catch up. This might mean anticipating changes to global regulations.
  3. Talent Demand: We’re seeing a drastic increase in the demand for talent across industries, creating a sense of empowerment for employees to ask for changes they want in their roles. Right now, it’s hard to retain and train a data security workforce because it is such a specific skill set and that challenge isn’t expected to improve anytime soon. Organizations must invest in the talent they have and ensure data security team members have the tools they need to grow and develop those skills.

Managing and protecting company and mobile employee data requires diligence and expertise. Graebel’s core values of truth, love and integrity and our focus on people first-mobility drive our commitment to protecting our clients’ data and continually reevaluating the data compliance and security measures we’re taking to ensure they meet and exceed industry standards. 

About the Author

John Matis is Chief Information Security Officer for Graebel Companies, Inc. With 20 years of experience in public and private sector security leadership, convergent physical and information security, cloud security, global compliance alignment, legacy security transformations and data privacy, John is responsible for developing strategies for data security and compliance at Graebel and ensuring alignment with business objectives and needs.

Profile Photo of John Matis