Making Privacy a Priority

May 1, 1996
Protecting confidential data and employee records isn't easy. But Atmel Corp., a San Jose, California-based company that manufactures specialized semiconductors, proves that it's possible. The firm, with $634 million in 1995 sales and 3,000 employees in the United States and Europe, has established elaborate procedures to ensure that human resources data doesn't fall into the wrong hands or leak to the wrong person. "There are inherent risks of doing business, but there are many ways to minimize those risks," says Bobbi LaPlante, the firm's corporate manager of human resources.

To begin with, employee files—still kept in paper-based folders—are locked away in file cabinets and can't be pulled by anyone other than an approved clerk in HR. If a manager needs to view an employee's file, human resources doesn't allow the file to go outside the HR department. Ditto for medical records, which HR keeps in a separate set of file cabinets that are off-limits to anyone outside the department. Not only does that ensure confidentiality about a disability or medical condition, it keeps highly sensitive medical information from becoming public if a court issues a subpoena to view an employee's records. Although all companies are supposed to separate health records from employee files, that's not always the case.

The firm also takes great care in the way it maintains information and how it uses data. Atmel avoids using Social Security numbers and instead generates a unique employee number—something only approximately 30% of firms do. That alone eliminates many of the concerns employees have over privacy. But it also makes it far more difficult for someone to misuse or commit fraud with an employee's Social Security number. In fact, the employee number is used only as a means of identification and nothing more.

Next year, Atmel will likely migrate to a computerized record-keeping system. But it's already mapping out the transition and working with its management information systems (MIS) department to create strong security protection, including a fire wall of sorts that will keep unauthorized users out. "Security and privacy are two areas that can't be overlooked when you're talking about electronic systems," LaPlante says. "HRIS data is as valuable and important as anything a company has."

In fact, that thinking permeates the way Atmel conducts its internal business. Privacy and confidentiality are stressed throughout the interview process—and many questions focus on issues relating to the topic. Existing employees not only receive a handbook that carefully spells out policy, they also receive ongoing training and briefings on privacy issues. And because Atmel's HR director is an attorney, it makes it far easier to follow the latest rulings and trends, passing the information onto employees. "It's something we drill into employees: a breach of privacy or confidentiality can cost you your job. Even something that's seemingly innocuous is an offense worthy of firing," says LaPlante.

Finally, the company is no less vigilant when it comes to the use of equipment and property. It has a strict policy covering what kind of information employees can have on their computers and how they use electronic media, such as e-mail and voicemail. It informs workers that desks, lockers and file cabinets are company property, and that Atmel reserves the right to search them, if necessary. In reality, that rarely happens. Likewise, telephones, e-mail and voicemail aren't monitored—unless the company discovers that an individual is misusing the system or stealing. Concludes LaPlante: "You have to strike a balance. As an employer, it's necessary to create a secure environment and avoid liability, but it's also important to create a positive atmosphere and one in which creativity and innovation can flourish. It's a constant balancing act, but you can create an environment that works for everyone."

Personnel Journal, May 1996, Vol. 75, No. 5, p. 76.