In today's digital landscape, employers must take action to protect employees' personal data from the rising threats of data breaches and data broker activity.
Getting your Trinity Audio player ready...

Author: Richard A. Egleston

null

With corporate data breaches and data broker activity at an all-time high, personal information is more vulnerable than ever. As Cybersecurity Awareness Month unfolds, Human Resource teams must focus on educating employees on the growing importance of online privacy and cybersecurity in our interconnected world. This article covers the increasing threat of data breaches, the rise of data brokers, employees' privacy concerns and proactive steps employers can take to help their workforce regain control over their personal information.

The growing threat of data breaches

The digital age has revolutionized how we manage and share personal information, but it's also introduced new risks. In the first half of 2024, there were 653 reported data breaches impacting over 1 billion victims — a 490% increase compared to the same period in 2023.1 As these incidents grow in frequency and severity, the importance of data privacy awareness and stronger personal cybersecurity protections becomes undeniable.

Employee personally identifiable information adds another layer of vulnerability in the workplace. HR and benefits administration technology handles large amounts of personal data — from census information shared with insurance carriers to payroll details processed by third-party vendors. A recent example is the WebTPA breach, where over 2 million benefit plan members had some of their protected health information stolen.2

Nearly 1 in 4 US consumers are victims of identity theft,3 and 75% have had their Social Security numbers exposed due to recent breaches.4

Each transfer of data in an HR ecosystem increases the risk of exposure, making employees more susceptible to identity theft and fraud. Nearly 1 in 4 US consumers are victims of identity theft,3 and 75% have had their Social Security numbers exposed due to recent breaches.4 These statistics reveal a concerning trend: increased personal data exposure leads to more targeted scams and higher risk of corporate cybersecurity breaches.

The rise of data brokers

Adding to the complexity of data privacy, data brokers pose a significant threat to personal privacy and data security. Those entities collect, analyze and sell vast amounts of personal information, often without explicit consent. Globally, there are an estimated 5,000 data brokers, with 1,711 registered in the US.5 By 2029, the industry is projected to reach a market size of $561.54 billion.5

Data brokers aggregate information from various sources, including public records, social media and online transactions, to create detailed profiles that can include contact information, purchasing habits, health records and financial history. They sell this data to marketers, advertisers and other data brokers, creating a complex web of data exchange. The sheer volume of personal data available is staggering.

Unlike data breaches, where stolen personal information cannot be easily removed from the Dark Web, data broker websites can remove personal information upon request— although having it removed can be a difficult and time-consuming task. Fortunately, some identity theft protection services handle data removal requests.

The employee perspective

Employees often feel frustrated with the lack of control over their personal information. According to Pew Research, 81% of Americans are largely concerned and confused about how companies use their data, and 73% of Americans believe they have little to no control over what companies do with their data.6 This growing concern for privacy drives demand for more education and awareness as well as better data protection practices, both personally and professionally.

Empowering employees and employers

While regulatory frameworks are gradually evolving to address data privacy concerns, individuals shouldn't wait for legislation to act. Employees can take proactive steps to safeguard their personal data by staying informed about evolving cyber threats, using strong passwords, enabling two-factor authentication, using anti-tracking tools, and being cautious about reading privacy policies and sharing personal information. Identity theft protection plans and data broker removal services can also help reduce exposure to potential threats.

81% of Americans are largely concerned and confused about how companies use their data, and 73% of Americans believe they have little to no control over what companies do with their data.6

Employers can support these efforts by providing access to these protective services. Ninety-two percent of HR professionals strongly agree that protection against identity theft is important.7 Employees who are victims of identity theft may experience negative impacts to their work performance, health and mental wellbeing. This support not only protects employees but also reduces the financial and reputational risks associated with data breaches which cost organizations an average of $9.44 million.8

Reducing risk through online privacy tools

Employers can help reduce privacy risks by offering tools and data broker removal services to protect employees' personal data. Norton LifeLock Benefit Solutions offers identity theft protection, including the Privacy Monitor Assistant, a new feature designed to help manage personal data exposure. This tool offers:

  • Computer screen showing Alt text Privacy Monitor Assistant product
    Data removal: Scans data broker sites and other online platforms to identify and remove personal information, reducing the risk of exploitation.
  • Customized alerts: Sends notifications if personal data is found on data broker sites or suspicious activity is detected.
  • Detailed reports: Offers transparency with detailed reports on the status of personal data across platforms, including the steps taken to remove it.
  • Enhanced privacy controls: Allow users to customize privacy settings, offering protection tailored to their individual needs and concerns.
"As scammers become increasingly sophisticated, protecting personal data from exposure is more crucial than ever," says Leyla Bilge, director of the Norton Scam Research Lab. "Our Privacy Monitor Assistant feature represents a significant advancement in how individuals can manage their personal information. By removing information from data broker websites and monitoring for threats, we empower users to take control of their privacy and significantly reduce their risk of falling victim to scams."

By incorporating tools like Privacy Monitor Assistant into employee benefit plans, employers can enhance their employees' online privacy and security. This proactive approach not only helps protect employees from scams and identity theft but also contributes to their overall wellbeing.

Summary

In this digital era, protecting personal information is crucial for both employers and employees. Privacy and cybersecurity are closely linked, and by equipping your employees with the necessary tools and knowledge, you not only help them regain control over their privacy but also bolster your organization's defenses against cyber threats. As we continue to confront the challenges posed by data breaches and identity theft, it's vital for employers to actively support their employees' efforts to secure their data. Together, we can foster a safer and more secure workplace.

Author Information


Sources

1"H1 2024 Data Breach Analysis," Identity Theft Resource Center, 17 Jul 2024.

2Alder, Steve. "WebTPA Data Breach Affects 2.4 Million Health Insurance Policyholders," The HIPPA Journal, 20 May 2024.

3Online survey, The Harris Poll on behalf of Gen™ (formerly Norton LifeLock), Jan 2023.

4Casal, Julio. "Verifying the National Public Data Breach: The Largest Social Security Number Exposure in History," Constella, 20 Aug 2024.

5Punjwani, Mehdi "Data Broker Statistics and Trends," USA Today, 16 Sept 2024.

6McClain, Colleen et al. "How Americans View Data Privacy," Pew Research Center, 18 Oct 2023.

7Cyber Wellness 2021," HR.com. Mar 2021. PDF download.

8"The Weekly Breach Breakdown: The Cost of Doing Breaches — Cost of a Data Breach Rises to $9.44 Million in the US," Identity Theft Resource Center, 29 Jul 2022.


Disclaimer

Consulting and insurance brokerage services to be provided by Gallagher Benefit Services, Inc. and/or its affiliate Gallagher Benefit Services (Canada) Group Inc. Gallagher Benefit Services, Inc. is a licensed insurance agency that does business in California as "Gallagher Benefit Services of California Insurance Services" and in Massachusetts as "Gallagher Benefit Insurance Services." Neither Arthur J. Gallagher & Co., nor its affiliates provide accounting, legal or tax advice.