The document discusses data privacy concerns related to outsourcing human resources (HR) business processes. It defines HR business process outsourcing (BPO) and the types of HR processes that are commonly outsourced, such as recruiting, benefits administration, and payroll. It notes that contracts with outsourcing providers must address how personal data will be secured and accessed. U.S. regulations like HIPAA and SAS 70 provide security standards for protecting personal information when work is outsourced. While outsourcing can reduce costs, it also raises risks if an outsourcing provider has a data breach or employees access data improperly. The document considers the ethical implications of outsourcing HR functions that
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Data Privacy in HR Business Process Outsourcing
1. Data Privacy in HR Business Process
Outsourcing (HR BPO) Industry
Brenden Brown
CSC-208-901
5/7/08
2. What is HR BPO?
• Business Process Outsourcing (from Wikipedia.org)
• Transmission of processes along with the associated operational activities and
responsibilities, to a third party with at least a guaranteed equal service level
and where the client contains a firm grip over the (activities of the) vendor for
mutual long term success.
• HR Business Processes
• Recruiting, Talent Management
• Benefits
• Pension and 401K – Retirement
• Health and Welfare Insurance
• Enrollment, claims administration, long-term disability, life
insurance, etc
• Payroll Administration
Data Privacy in HR Outsouring Industry -
Brenden Brown
3. Data Privacy in HR BPO
Data Privacy/Security vs. Confidentiality
– Not all personal or HR data is confidential (SSN, DoB, address, or any Personally
Identifiable Information) since it’s the nature of the business
– Contracts with service providers must contain provisions that address the
use, sharing and disclosure of personal data and how the service provider keeps
that data secure
– Public financial services firms must have data security programs to protect
personal information against unauthorized access - i.e. Request forms, approval
processes, controls to review access
– Some companies outsource part of their business functions in other countries
that abide by a different set of laws than the U.S.
– Employees that have access to personal data have to go through extensive
background checks (includes credit checks, criminal history, drug test, etc) and
sign non-disclosure agreementsin HR Outsouring Industry - they work for
Data Privacy with the company
Brenden Brown
4. Data Privacy in HR BPO
Regulatory security requirements in the U.S
– HIPPA (Health Insurance Portability and Accountability Act)
• Business sets security standards for health information and mandates that
covered entities must impose privacy and security restrictions on “business
associates”
– SAS 70 (Statement on Auditing Standards No. 70: Service Organizations)
• Defines the professional standards used by a service auditor to assess the
internal controls of a service organization
• Relation to Data Privacy/Security
Data Privacy in HR Outsouring Industry -
Brenden Brown
5. BPO
Benefits of Outsourcing
Cost savings
Opportunity cost – help focus on marketing, product
development, advertising, etc
Employee Benefits
Education and focus on what it does best
Enable your executive and mid-level management employees to focus on
implementation of new strategically planned initiatives
Data Privacy in HR Outsouring Industry - Brenden Brown
6. BPO
Detriments of Outsourcing
Vendor’s policies with their employees may not be enforced
Can only rely on public accounting/auditing firms to be mediator between you
and your client
Auditor bias?
Your employee information might be available to unauthorized
individuals/technology
People lose jobs
Data Privacy in HR Outsouring Industry - Brenden Brown
7. Real Life Scenario
You’re the CEO of a company that outsourced the health insurance
benefit administration business of your company
You signed off and agreed to outsource the work
Security Breach Example
Outsourcing serivce provider transmitted your employee’s social security numbers
through a public network, leaking 500 of your employee’s SSNs to a public
domain (internet)
Employees of your company are worried that their social security and identity may
be compromised
Data Privacy in HR Outsouring Industry - Brenden Brown
8. Personal Beliefs
Data Privacy in HR Outsouring Industry - Brenden Brown
9. Ethical Framework Analysis
Categorical Imperative (First and Second Formulation)
Would you outsource the HR BP of your company if data privacy is a concern?
Universal Adoption – what if all companies outsourced their HR BPs?
Contradiction: Data wouldn’t be private if every business outsourced their HR
business processes
Outsourcing your HR BP is treating your employees personal information as a
means to an end – gain profit
Act Utilitarianism
Net effect of action – good or bad?
Rule Utilitarianism/Social Contract Theory
System of laws and enforcing the law are put in place by government and
businesses
Is it with the intention to increase the greatest total happiness?
Data Privacy in HR Outsouring Industry - Brenden Brown