Insider Breaches Fuel Surge in Employment Data Vulnerabilities

Rise in Employment-Related Data Breaches Sparks Concerns

A significant increase in employment-related data breaches has been attributed to internal mismanagement rather than external cyberattacks, according to data protection expert Mr. Olamide Babalola. Speaking at the 14th Annual Lecture of Hybrid Solicitors and Consult at the Radisson Blu in Victoria Island, Lagos, Babalola highlighted the urgent need for organizations to reassess their data protection strategies.

The lecture, themed “Employment Data Breaches: Risks, Responses and Mitigation,” addressed the pressing issues surrounding data security in the workplace. Babalola noted that breaches often arise from negligence, particularly concerning the misuse of email systems. In his address, he warned that practices such as sending group emails without using blind carbon copy can inadvertently expose personal data, leading to serious privacy violations.

He shared a notable incident involving a technology company where an HR director forwarded internal emails that contained sensitive information about an employee’s pregnancy and performance. This lapse not only resulted in disparaging remarks being shared publicly but also led to a substantial data breach with significant legal and reputational ramifications for the company.

The repercussions of such internal errors can escalate quickly, as Babalola illustrated with a case in which the affected employee shared the emails with international affiliates, raising concerns over discrimination and data privacy laws that are more rigorously enforced outside Nigeria. Fortunately for the company involved, a well-defined internal email policy mitigated further liability, though the employee’s decision to transfer information to a personal email account complicated matters.

Insider threats remain a leading concern for organizations, and Babalola emphasized that employees often have access to sensitive information without sufficient controls in place. He cited an alarming statistic: Nigerian banks alone have paid approximately N200 million in damages for data protection violations over the last year.

Beyond the financial implications, Babalola articulated the human impact of data breaches, including emotional distress, loss of identity, and damage to personal reputation. He cited incidents of social media impersonation and misdirected communications that expose customers’ private data, underscoring the pervasive nature of these threats. He assertively stated, “Whoever has your data can easily control your life.”

The expert strongly advocated for organizations to adhere to Nigeria’s enhanced data protection laws, which clearly delineate employer obligations and employee rights. His recommendations included the establishment of robust internal data protection policies, strict access controls, and well-defined plans for responding to data incidents.

In his welcoming remarks, Mr. Bimbo Atilola, the Chief Host of the lecture, reinforced the importance of addressing data breaches and emphasized that negligence in data management can lead to severe operational and reputational risks. He encouraged employers to take proactive measures to protect employee information, particularly in the context of an increasingly tech-driven business landscape.

Atilola elucidated the critical role of data management in the HR value chain, noting that sensitive information—including biometric details, financial records, and identification numbers—is frequently collected and stored. He asserted that a breach in this duty of care can expose employers to significant legal ramifications and loss of employee trust.

With cases of class action lawsuits emerging globally due to employment data breaches, including incidents involving tens of thousands of workers, Atilola stressed the importance of consistent workplace policies and training. He cautioned that inconsistent practices expose organizations to legal scrutiny and the risk of reputational damage.

As organizations continue to face evolving threats related to data breaches, Babalola and Atilola both emphasized the need for ongoing education and reinforcement of data protection measures to safeguard sensitive information. Regular audits and inspections of data utilization practices were noted as essential steps to mitigate risks and bolster organizational integrity.

In terms of the tactics and techniques employed during such breaches, initial access through social engineering or insider threats can be mapped to techniques in the MITRE ATT&CK framework, such as credential dumping and exploitation of valid accounts. These avenues highlight the need for organizations to maintain a vigilant stance on internal security protocols, especially as cyber threats grow increasingly sophisticated.

With data breaches on the rise, it is paramount for businesses to prioritize data protection and take comprehensive steps to prevent incidents, thus preserving both their operational integrity and their employees’ trust.
