Human Resources Management for Public and Nonprofit Organizations



Data loss prevention goes by a lot of names: extrusion prevention,
content filtering, information leak prevention, and data leak prevention. The
basic tasks of identifying sensitive data, monitoring where they go, auditing
who has access to the information, and restricting that access can happen
anywhere on networks, including end points, databases, mobile devices,
network gateways, and file stores (Wiens, 2007).
NASCIO, an organization that represents state chief information
officers and IT executives and managers from state governments across
the United States, recommends that states develop a marketing campaign
and provide training to make state employees aware of IT security. It also
recommends that states include contractors. Whether a contractor will be
performing IT or non-IT-related tasks, most contractors will use a state's
IT resources, including handling state government information. NASCIO
recommends requiring contractors to sign IT security and acceptable-use
acknowledgments. Crafting contractual provisions requiring compliance
with state IT awareness and training requirements can guard against
security incidents that originate from contractors' use of state IT resources
(Whitmer, 2007).
Many employees are subject to electronic and other forms of high-tech
surveillance. Information technology and systems make the invasion
of privacy inexpensive and widely available. Organizations should have
policies and procedures in place that govern the use and dissemination of
information that may be considered private. This is especially important
for employees working in HRM departments who have access to insurance
information and medical records.
Adams (1992) identifies some procedures that organizations can implement
to secure privacy and maintain confidential information. Employers
should train users to handle equipment, data, and software securely; train
employees to sign off personal computers after use; not allow passwords to
be shared and require that they be changed frequently; ensure that backup
copies, data files, software, and printouts are used only by authorized staff;
and ensure that software and mainframe applications include a record of
any changes and transactions that occur in the system, including when and
who performed the changes. In addition, there should be no personal record
system whose existence is secret; employees should have the right to access,
inspect, review, and amend information about themselves; there must be
no use of personal information for purposes other than those for which it
was gathered without prior consent of the employees; and the managers
of systems should be held accountable and liable for any damage done by
systems, and for their reliability and security.