It’s been a rough 18 months for Snap Inc, parent company of social media platform Snapchat; in October 2018 the brand’s stock fell dramatically by 10% to a new low of $6.84 – a massive 60% below its IPO price. What followed was a revolving door of senior management, with the likes of CFO Tim Stone and HRD Jason Halbert.
Now, mere days after CEO Evan Spiegel announced that his overhaul of the brand’s leadership team was complete, Snapchat has fallen headfirst into a new controversy.
A report published on Vice subsidiary Motherboard has revealed that employees across several departments can view user location information, saved Snaps, phone numbers, e-mail addresses and other sensitive data through an internal tool known as ‘Snaplion’.
Whilst it is unknown if use of the tool was promoted by management, or the extent to which the tool was abused by staff, one anonymous Snapchat employee was quoted telling a Motherboard journalist that to their knowledge, data access abuse happened at least ‘a few times’.
In total, Motherboard spoke to four former employees and a current employee – all of whom confirmed the existence of the ‘Snaplion’ tool. Two former employees were quoted stating that data infringements took place over a number of years, whilst e-mails obtained by Motherboard revealed evidence of an employee using the tool to look up a customer e-mail address outside of work context.
For HR practitioners it might spark fears about their own data processing processes. Since GDPR, 1,000 organisations have paid fines for failing to fully comply with the regulation. Here are five ways that HR can help prevent a data breach or reduce its impact according to shrm.org:
1. Paying close attention to who is being hired
This may sound incredibly simple, but it is important that HR knows exactly who is being hired. The company will need employees that they can trust and rely on, particularly if their job exposes them to information of a sensitive nature.
2. Accounting for equipment
During the recruitment process, HR should ensure that a checklist is complete so that the company has a record of all the equipment the new recruit requires. When it comes to the time that the employee decides to depart, HR can refer to the checklist to ensure that no sensitive information is removed from the business.
3. Train employees to spot issues
Employees may not be aware of how to identify and isolate security-related issues. This could be anything from a scam email that gives the impression it is from a colleague when it’s actually not. The site suggests that HR should ensure that employees are trained on how to recognise scams and how to identify genuine emails that are sent from real colleagues to avoid any issues.
4. Making sure that workers speak up
It is crucial that when a breach or attempted breach occurs, employees who handle personally identifiable information (PII) feel confident approaching the appropriate members of staff. This will help control the situation and result in a swifter resolution.
5. Creating a culture of compliance
For this to happen effectively, HR should be liaising with all departments in the business, whether it be finance, IT or security. And to ensure that this is filtered all the way through the business, compliance cooperation must start at C-Suite-level.