Monday, September 08, 2008

Should companies vet individual employees for political or social conflicts as part of data security policy?

Could the current concern over consumer data security lead employers to screen job applicants for “hostile” political or social views that might pose a risk for customers?

Consider the concept of a “fraternal company” where the point of the company is to serve customers in a particular identifiable class. The class of customers could be any potential “controversial” group, ranging from LGBT people to members of evangelical denominations. Should an employer be concerned if it performs a “search engine reputation check” and finds political activity that would be inimical to the group?

I once worked for a company that specialized in selling life insurance to military officers. I became publicly involved in opposing “don’t ask don’t tell” in 1993 and later. When the company was purchased by a larger company, I transferred in order to reduce the appearance of “conflict of interest” as I saw it. There never was any misuse of data, but I was concerned about “appearance” and there was arguably less “exposure” (especially to hardcopy data) at the new location.

Of course, companies merge, and often turn their operations over to outside vendors so that the data for various "fraternal groups" is consolidated and outside the scope of normal concern.

It’s also true that ten years ago and more, there was much less concern that consumer data could be stolen and misused if left lying around. It was acceptable then for companies to keep less secured copies of consumer data (especially in print), and this belief continued through all the data collection activities associated with Y2K. After 2001 or so, concern about consumer security grew very rapidly, and companies had to become much stricter about how their data was kept and who accessed it.
