Here to Help: HR Data Security 101 (Protecting Employee Data)

Written by Jessica Haas on August 24, 2016

Posted in Here to Help, Human Resources, IT + Security

“Here to Help” is a support column written especially for Formstack’s awesome, loyal customers.

Human resources departments have a heavy weight on their shoulders when it comes to collecting and protecting employee information. Much of the information these professionals collect from employees is personal and sensitive, so it needs to be treated differently than other types of data. (In other words, it needs to be placed behind a series of security measures that make it extremely difficult for outsiders to get their hands on it.)

As the world has become increasingly digital, the threat of cyber attacks that could put employee data at risk has risen. But employees still trust and expect their employers to safeguard their electronic records. Employers should take this responsibility seriously and arm their HR departments with the tools needed to heighten cybersecurity.

If you’re collecting employee information via Formstack forms, here are a few steps you can take to ensure you’re making employee data security a priority:

Create an HR Folder and Set Access Permissions

One good way to increase HR data security is through limited access to sensitive data. With Formstack, you can ensure limited access by creating an HR folder (or folders) and setting specific user permissions. This keeps employee data in reach of only the select few who need to handle it.

To create an HR folder and set its permissions, you must be signed in to an admin account. Once logged in to the appropriate account, follow these steps:

  1. Go into the Forms tab and scroll to the bottom of the left-hand column that houses your current folders.
  2. Select “Create New Folder.”
  3. Give your folder a name (e.g., HR Forms) and select “More Folder Options” under the folder name field.
  4. When the Folder Settings page pops up, locate the “User Permissions” area and select “Give a User Access.”
  5. Type a user’s name and select “Give User Permission.”
  6. Find the user’s name in the list under “User Permissions.” By default, the user’s access will be set to “view submissions.” To change this, select “Edit” and choose to allow the user to view + edit submissions or be a folder admin. Then, select “Set Permissions.”

Note: If you want to set user permissions on an existing folder, go to the “My Profile” icon in the top right corner of the screen and select “Users.” When the list of users’ names pops up, select a specific user. You will see a set of various permissions tabs under each user. Select “Folder permissions” to manage user permissions for specific folders. To add permissions for an additional folder, click the “Add Folder Permission” dropdown in the top right and choose the desired folder.


For more information on setting permissions, check out our Permissions FAQs doc.

Collect Employee Data via an SSL-Enabled Form

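SSL (Secure Sockets Layer) is a standard security protocol for providing secure communications on the Internet; current browsers and servers use its successor, TLS (Transport Layer Security), although the “SSL” name is still widely used. This technology provides authentication and encryption of traffic between your browser and Internet servers.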

When you enable SSL on your HR forms, all form submissions (or information collected) are encrypted in transit between the employee’s browser and the server. This is another layer of employee data security you can use to keep employee information as protected as possible. To make sure SSL is set up on your form, go to Settings > Security and ensure “Yes” is checked next to “Use SSL.”


For more information on this level of HR data security, check out our post on securing your form with Internet browser protection.

Encrypt Employee Data Stored in the Database

When you collect employee information via a Formstack form, the information submitted is stored in the Formstack database. To make sure that information stays secure, Formstack gives you the option to encrypt the stored data.

Formstack’s database encryption works by generating a public and private key pair that is stored with your form and by requiring you to set an encryption password. The public key encrypts the data saved in the database, the private key decrypts the data, and the password you set encrypts the private key. Your encryption password is not saved on the server in plain text, so no one can access or decrypt the information without knowing your encryption password.

You must remember your password. If you lose your password, even Formstack staff cannot access it. We can reset the database, but we will not be able to retrieve your data. Additionally, once you’ve enabled database encryption on your form, it can only be disabled or updated if you know the current password.
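The key hierarchy described above, sketched as an added example with Node.js's built-in crypto module; it is not Formstack's code. The helper names, the RSA-2048 and AES choices, and the hybrid step (a random data key wrapped by the public key) are assumptions made for illustration.

```javascript
// Added illustration of the key hierarchy described above; not Formstack's code.
const nodeCrypto = require('crypto');

// Hypothetical helper: runs once when encryption is enabled on a form.
// The private key is serialized already encrypted under the password, so
// the server holds only the public key and an unreadable private-key blob.
function enableEncryption(password) {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password,
    },
  });
}

// Hypothetical helper: runs on every submission and needs no password.
// Assumption: a random AES-256-GCM key encrypts the record and the public
// key wraps that key, because RSA-OAEP with this key size fits at most 190 bytes.
function encryptSubmission(publicKey, record) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([
    cipher.update(JSON.stringify(record), 'utf8'), cipher.final(),
  ]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, dataKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Hypothetical helper: reading a stored row requires the password.
// Returns null when the private key cannot be unlocked or the wrapped key
// does not decrypt, which is the "lost password" outcome.
function decryptSubmission(encryptedPrivateKey, password, row) {
  let dataKey;
  try {
    dataKey = nodeCrypto.privateDecrypt(
      { key: encryptedPrivateKey, passphrase: password, oaepHash: 'sha256' },
      row.wrappedKey);
  } catch (err) {
    return null;
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, row.iv);
  decipher.setAuthTag(row.tag);
  const plain = Buffer.concat([decipher.update(row.body), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}
```

Because only `decryptSubmission` takes the password, submissions can keep being stored while nobody who lacks the password, including whoever operates the database, can read them back.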

To arm an HR form with data encryption, go to Settings > Security (as shown above) and select “Enable Data Encryption” at the bottom of the box. When prompted, set your password and click “Enable data encryption.”

For more information on this level of HR data security, check out our post on securing your form with data encryption.
