This document serves as an accessible version of this course and is intended only for those individuals who require an accommodation for a disability. If you do not require an accommodation based on a disability, you must complete the web-based training through ESS > My Training to receive credit on your transcript.
There is one management directive referenced in this course:
· Management Directive 505.18, Amended, Maintenance, Access and Release of Employee Information
To reinforce the importance of protecting confidential information, human resource (HR) departments need to conduct confidentiality training to ensure the department’s credibility and operational integrity.
Welcome to the Confidentiality Training for Human Resources (HR) staff. To reinforce the importance of protecting confidential information, human resource (HR) departments need to conduct confidentiality training to ensure the department’s credibility and operational integrity. There are certain aspects of HR that must remain confidential. By the end of this course, HR staff will have reviewed relevant policies and be able to understand and acknowledge:
· The importance of confidentiality
· The role of confidentiality in HR
· The practices, policies and procedures for handling confidential information
"Confidentiality is a delicate bargain of trust." Martin Uzochukwu Ugwu
Let’s begin by discussing what confidentiality is. Confidentiality is a term that refers to keeping certain information private, whether it is written, spoken or electronic. The responsibility to ensure that commonwealth employee information remains confidential rests with everyone, but it is primarily the responsibility of the commonwealth’s HR staff. As such, the commonwealth’s HR staff are essentially the guardians of confidential employee information.
"It takes 20 years to build a reputation and five minutes to ruin it." Warren Buffet
Now that we know what confidentiality is and the responsibility of HR to safeguard confidential employee information, let’s review why it is so important to maintain the confidentiality of information in our care.
· It’s the law- First and foremost, various federal and state laws require that certain employee information in an employer’s possession be kept confidential. For example, under the Americans with Disabilities Act (ADA), information regarding an applicant’s or an employee’s medical condition or history must be treated as confidential information and stored in confidential files separate from other files such as official personnel files.
· Constitutionally Protected - Second, and equally important, employees may have constitutionally protected privacy interests in certain information such as their home address.
· Commonwealth Policies - Third, the commonwealth has a number of policies regarding the confidentiality of employee information, the primary one being Management Directive 505.18, which sets forth responsibilities for maintaining the confidentiality of employee information and procedures for allowing access in only certain limited circumstances.
· Trust is Key - Finally, as HR professionals, we are responsible to assure and maintain the trust of our fellow employees by protecting their personal information. Any violations of laws or policies in regard to maintaining the confidentiality of employee information may result in disciplinary action, up to and including termination of employment.
You may find yourself asking, what exactly is considered confidential employee information? It is important to note, that as an HR employee, you are entrusted to treat all information you handle as confidential, regardless of whether some of that information may be considered “public information” for certain purposes, such as the Right-to-Know Law. You are responsible to protect customer and employee information which includes, but is not limited to:
· Personal data- Month and day of birth, marital status, home address, home and cell phone numbers, race and gender and social security numbers.
· Bank account information- Bank account number, routing number and bank name are considered confidential pieces of information.
· Salary- Salary is defined as fixed compensation paid regularly for services.
· Job status changes- This can include promotions, demotions or lateral moves.
· Beneficiary information- This can include, but is not limited to, life insurance policy, retirement plan or health savings account information.
· Family relationships- Who someone is related to and how they are or not related is information we also keep confidential.
· Equal Employment Opportunity (EEO) information- Equal Employment Opportunity (EEO) information can include, but is not limited to, race, national origin and gender.
· Reasonable accommodations- Reasonable accommodations are an adjustment to a job or work environment that makes it possible for an individual with a disability to perform the essential functions of their job. Reasonable accommodations may include specialized equipment, modifications to the work environment.
· Work performance (Employee Performance Reviews)- The evaluation provides professional development opportunities and some personal details. This information should remain secure.
· Disciplinary and investigative information- Disciplinary and investigative information can include, but is not limited to, information regarding discipline imposed such as a suspension, or any information pertaining to an investigation that may have occurred or is contemplated.
· Protected Health Information (PHI)- Any health information about an employee garnered through our work in human resources is Protected Health Information (PHI). PHI includes, but is not limited to, information that can be used to identify an individual, and that was created, used or disclosed in the course of providing a health care service, such as a diagnosis or treatment.
· Other - Any private information about an employee garnered through our work in human resources. This includes, but is not limited to, religious beliefs, nationality, political affiliation and marital status.
Do not share or access employee information unless there is a specific business-related reason to do so.
· Specific Business Reasons - As a reminder, some of this information may be publicly available, however, as mentioned previously, employee information may not be accessed or shared with anyone unless there is a specific busines related reason to do so.
· Trust - Additionally, confidential information cannot be shared outside the workplace. If it is, a breach in confidentiality affects the credibility and operational integrity of HR and has potential legal implications. If the trust employees place in HR professionals is lost, there could be a reduction in productivity, a loss of important communication between the organizations and HR and an increase in employee turnover.
· Talent Recruiting Difficulties - Additionally, recruiting top talent may become more difficult. Non-compliance or blatant infractions of confidentiality laws, policies, practices and procedures can result in disciplinary action, up to and including termination of employment.
Improper sharing of or granting access to confidential employee information can occur through:
Confidential information can be improperly conveyed through personal interactions by phone or email, in person, at lunch and in the elevator.
Review the following examples of personal interactions:
· To Share or Not to Share - Erin, an agency timekeeper, tells co-worker, Helen, who has no reason to know of the information, about another co-worker who has a large negative leave balance.
· Divulging Information - Joe participates in discussions regarding collective bargaining. Friday after work, Joe shares pending collective bargaining details with friends who work in other agencies.
· No Way! - Tanya is processing a back-pay award to make an employee whole. Tanya shares the details and amount of money the employee will be receiving with her friend, Jada, who works in another agency, knows the employee on a personal level and has no work-related reason to know the information.
· Too Curious - Marcus, an employee in a Talent Acquisition section, shares applicant names for a senior-level position with a friend in the classification section.
In each of these examples, confidential information was improperly conveyed and accessed and should not have been shared with the respective parties.
Here are some steps you can take to protect confidential information during personal interactions.
· Be aware of unintended listeners. Confidential and personal employee information is not to be verbally repeated where others can overhear, such as in lunchrooms, elevators, hallways, etc.
· Be sure to only discuss confidential information when you have a valid business requirement for doing so and do so in an area away from others.
· Any private information about an employee that we learn as a result of the HR duties we perform should be treated confidentially.
Confidential information can be improperly conveyed or accessed through paperwork and forms.
Paperwork includes, but is not limited to:
· Notes on scrap paper
· Supporting documentation
· Investigations
· Applications
Forms include, but are not limited to:
· New hire documentation
· Family and Medical Leave Act (FMLA) certification and medical forms
· Enrollment forms
Review the following examples:
Unnecessary Attention
· New hire documentation
· Family and Medical Leave Act (FMLA) certification and
· medical forms
· Enrollment forms
Review the following examples:
· Unnecessary Attention - Carley is processing an E-PAR to promote John Doe to an HR Analyst position. Carley’s friend Esther also applied for the position. Carley invites Esther to stop by the work area and then Carley directs Esther’s attention to the E-PAR.
· Unauthorized Sharing of Transcript - Jamal, an agency’s designated Workers’ Compensation Coordinator, attends a workers’ compensation hearing. Jamal gives a copy of the transcript to Isaac to read. Isaac’s job duties do not involve workers’ compensation.
· Observing Eyes - Sally, an FMLA analyst, receives FMLA documentation from a coworker. At the end of Sally’s workday, the FMLA documentation is left sitting out on a desk. Lilly, who works a later shift in the same building, stops by to visit Sally. Seeing that Sally has gone for the day, Lilly takes the liberty to read through the FMLA documentation.
· Bad Decision - Ben is processing an Exceptional Pay Increase (EPI) for an agency executive. He complains to a colleague about how only a few people in HR ever receive an EPI, and so they decide to run a query identifying all the HR staff that have received an EPI within the last two years.
In each of these examples, confidential information was improperly accessed or conveyed and should not have. Here are some steps you can take to protect confidential information on paperwork and forms.
· If you leave your workstation, always lock your computer and ensure that paperwork or forms containing confidential information are secured in a locked desk drawer, cabinet or office
· Before co-workers or other visitors enter your work area, make sure that any confidential items are not visible
· If you need to take forms or paperwork containing confidential information to a meeting, ensure that you always retain control of those documents
· Do not share paperwork or forms with individuals who are not authorized to see or have that data been shared with the respective parties
Here are some steps you can take to protect confidential information on paperwork and forms.
· If you leave your workstation, always lock your computer and ensure that paperwork or forms containing confidential information are secured in a locked desk drawer, cabinet or office.
· Before co-workers or other visitors enter your work area, make sure that any confidential items are not visible.
· If you need to take forms or paperwork containing confidential information to a meeting, ensure that you always retain control of those documents.
· Do not share paperwork or forms with individuals who are not authorized to see or have that data been shared with the respective parties.
· When disposing of documents with confidential information, be sure to place in the appropriate locked shred bin instead of placing them in the regular trash.
Never
Confidential employee information should NEVER be accessed or shared for personal reasons; personal inquiries of confidential information are NOT ok. When we say personal inquiries, this includes performing transactions on yourself or immediate family members (this does not apply to an employee’s use of employee self-service), as well as reviewing data “out of curiosity” and not due to a specific business need or for a work-related reason.
HR Systems Include:
· SAP
· E-PAR
· CRM
· NEOGOV
· OrgPublisher
· IRIS
· LSO
· Workers’ Comp Insurance Carrier Database
· Etc.
Reports Include:
· Overtime summaries
· Retirement eligibility
· Projected turnover analyses
· Salary reports
· Employee mobility information
· Diversity and demographic employee reports
· Fire drill rosters
· Etc.
Here are some examples of personal inquiries:
· Neighbor and friends - My neighbor Stella, a former state employee, and I are mutual friends with a married couple, Jenny and Steve Smith. I just processed the PEBTF-2 to remove Jenny from Steve’s benefits due to divorce. We had no idea that there was any trouble in their marriage. I emailed Stella to share the news that Jenny and Steve are no longer married.
· Curiosity - Maya is curious to know how much some co-workers and supervisors earn. During a lunch break, Maya looks up everyone’s salary in SAP.
· The Promotion - Mark has applied for a promotion to an HR Analyst 3. Mark is curious to see who else applied and logs into NEOGOV to have a look.
In each of these examples, confidential information was improperly accessed or conveyed and should not have been shared with the respective parties.
Here are some steps you can take to protect confidential employee information when accessing reports and using HR systems.
· First and foremost, when it comes to reporting, remain aware of public versus private information. When using HR systems and utilizing SAP screens, electronic documents, etc., always remember to minimize the pertinent window(s) when a co-worker approaches your desk and don’t forget to lock your computer when you leave your desk for any reason.
· Confidential employee information available via HR systems is not to be left unattended or made available for access by non-authorized individuals. Do not leave mobile devices unattended. This includes not leaving laptops or mobile devices in your car as it can invite theft.
· Exercise care in the use and maintenance of your security codes and passwords so that no one else can access confidential employee information under your username or employee number. Do not write down passwords and leave them in an easily accessed location (i.e., post it note on your monitor).
· If you suspect unauthorized use of your password, change it immediately and notify your supervisor and IT department.
Quote: "If you believe in unlimited quality and act in all your business dealings with total integrity, the rest will take care of itself."- Frank Purdue
In summary, we have discussed
· Number one what is confidential employee information
· Why is it important to keep employee information confidential
· HR's responsibility to protect employee information
· Improper use of confidential information
· Proper handling of this information
Review the options listed as A through D and determine the reason why human resources confidentiality is important.
A. Various federal and state laws require that certain employee information in an employer's possession be kept confidential.
B. Employees may have constitutionally protected privacy interests and certain information.
C. The Commonwealth has a number of policies regarding the confidentiality of employee information, the primary one being Management Directive 505.18 Maintenance, Access and Release of Employee Information, which sets forth responsibilities for maintaining the confidentiality of employee information and procedures for allowing access to only certain limited circumstances.
D. All options listed
If you said all options listed, you are correct!
By requesting completion credit for this course, you are acknowledging that you have read and understand the training and its policy and will abide by the following:
· It is my responsibility to assure and maintain the trust of my agency clients and fellow employees by protecting information related to HR matters, including employees' personal information. I understand that disciplinary action, up to and including termination, may be taken if I fail to abide by any of the requirements of this agreement.
· I have reviewed this training in its entirety, and I understand that in my position as an HR staff member working for the Commonwealth of Pennsylvania, I am a guardian of confidential employee information and I am expected to comply with Management Directive 505.18 Maintenance, Access and Release of Employee Information.
· I understand that a violation of laws, policies and principles related to confidentiality may result in disciplinary action, up to and including termination of employment.
In summary, we have discussed
· What is confidential employee information
· Why it is important to keep employee information confidential
· HR’s responsibility to protect employee
· Improper use of confidential information
· Proper handling of this information
It is important to keep in mind that all HR staff are guardians of confidential employee information. We are responsible to ensure and maintain the trust of our fellow employees by protecting their personal information. Remember, a violation of the laws, policies and principles related to confidentiality may result in disciplinary action, up to and including termination of employment.
If you have any questions regarding the confidentiality of employee information, the handling of confidential information, or concerns about a possible breach of confidentiality, please speak with your supervisor.
Once you have fully reviewed the information in this training, reach out to your Training Officer to request credit for completing this course. You will not receive credit for completing this course until you do so. By requesting credit for the course, you are acknowledging that you have read and understand the policy.