H&M Group, a Swedish company specializing in apparel, was recently fined over forty million dollars because they collected excessive personal data on their employees and failed to protect that information. Some of the information collected was medical information, religious affiliation, and asking if there were troubles at home. Besides those questions being completely inappropriate, H&M failed to protect that data once it was put into their system, it being available to numerous managers in the company. What’s even worse is that some of that information directly impacted employee performance reviews.
None of this information would have been known if the company didn’t experience a data breach. The breach, which lasted only several hours, made the information widely available to anyone. This error was caused by a configuration error.
Steps were taken to fix the issue, including the replacement of managers, training on data security and labor laws, and the implementation of a data protection coordinator. However, it’s yet to be seen if H&M will continue with these changes or give up once they are out of the spotlight.
Poor information security has real-world impacts and there’s no excuses. Events like this can be easily avoided. Organizations always seem to think that cyber attacks and threats to their data are going to be super complex involving secret techniques. The truth is that almost all of the major data breaches could have been avoided with simple changes to their policies & procedures.
Policies & Procedures
Traditional solutions don’t fit their environment and they aren’t agile enough to keep up with the evolving landscape. This always leads to problems that can be traced back to poor implementation, or lack, of modern policies and procedures. Don’t make the same mistakes. Allow us to connect you with our partner today.