Publisher's Desk|Canadian HR Law|HR Policies & Practices|Employment Law|The C-Suite|HR Guest Blog

The growing importance of security assessment methodologies and privacy risk frameworks

Moving new services online and facilitating new delivery models of HR services is critical to an organization’s success

By Jenn Behrens

In recent years, there has been significant advancement in the ability for organizations to deploy HR and workforce applications while empowering employees and business partners through new delivery models.

Employers are moving more services online and enabling employees in an increasing “self-service” approach. Similarly, organizations are outsourcing or leveraging business partners more and more to improve their service offerings to employees, and moving applications to the cloud.

These types of models and services impact everyone — the boardroom, employees, business partners, even employees’ personal homes. People are both demanding that services move online and are becoming increasingly aware of how their personal information is being handled as numerous data breaches have occurred across multiple industries and both the public and private sectors.

While moving new services online and facilitating new delivery models of HR services is critical to an organization’s success, the importance of a strong security and privacy framework is simultaneously heightened. An absence of robust privacy and security frameworks (that address data collection, handling and disposal procedures) increases the odds of internally based incidents which, in turn, increases the liability to the organization upon incident realization. 

Compliance expectations are being driven higher, while accountability for policies and practices is getting more severe and commonplace. 

Ensuring the confidentiality, integrity and availability of information technology systems requires robust expertise in risk assessment and management techniques. This expertise requires a diligent process and a team who understands, and is experienced in, rigorous security assessment methodologies as well as innovative privacy risk frameworks. Conducting regular risk assessment exercises and updating the organizational policy library is critical to compliance with the expanding network of relevant legislation and information security standards.

There are several initiatives and industry trends that have been underway over the past several years that not only strengthen security and privacy practices, but also focus on driving interoperability and improve the ability for an organization to provide new service delivery models to address the “access everywhere” demands of today’s workforce.

The National Strategy on Trusted Identities in Cyberspace (NSTIC), developed by the National Institute of Standards & Technology (NIST), is a strategy focused on improving privacy and security challenges for the government, private sector and individuals.

Important initiatives, such as the Federal Identity, Credential, and Access Management Program and the Privacy Risk Management for Federal Information Systems (NISTIR 8062), have been supporting this initiative and provide great guidance to organizations focused on building next-generation security and privacy models.

Also, in the commercial sector, a national, private sector-led, privacy-requirements framework has been created through the Identity Ecosystem Steering Group (IDESG).  

KUMA will be presenting at the 2017 Conference for the International Association for Human Resources Information Management (IHRIM) to address the growing importance of workforce privacy across industry. “Intersection of Workforce and Organizational Privacy in Today’s Global Workplace” will focus on the paradoxical position companies find themselves in with the collection of immense amounts of employee data coupled with the reliance on an increasingly virtual workforce utilizing mobile technology and social media.

In conjunction with Amanda Bell-Smith (vice-president at Fidelity Investments), I will review the relevant regulatory environment and provide the governance structure to support employee privacy in today’s work environment of mobile technology, collaboration tools and social media.

Jenn Behrens is a partner and executive vice-president, privacy, at KUMA. For more information, visit or

© Copyright Canadian HR Reporter, Thomson Reuters Canada Limited. All rights reserved.

Guest Blogger

Guest Blogger of the Week. Each week, we will feature commentary from thought leaders from across Canada and around the world.
(Required, will not be published)
All comments are moderated and usually appear within 24 hours of posting. Email address will not be published.