![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Jun. 27th, 2018 02:16 pm So HR is doing an audit. It's not for any particular reason other than that it's a good thing to do every now and again.
As part of that audit, they went thought the benefits records, pulled some names at random, and contacted them to make sure their TIAA-Cref information matched the employee's own records.
Here's the thing. They did this by scanning documents, redacting some of the information, and emailing it. I got my TIAA-Cref information emailed to me. Over email. With my name, date of birth, date I became an employee, my account number, and a breakdown of my account numbers. Sent to me over email.
Email.
This follows about a month after the last academic cabinet meeting where it was discussed that there was no expectation of privacy over the work email accounts so it was important not to use email for anyone personal information. Where it was discussed how managers and the ability to access emails accounts, and how, under the previous IT director, computers and emails were routinely gone through as routine practice.
I'm not pleased.
And this was done by an HR audit company.
Oy.
As part of that audit, they went thought the benefits records, pulled some names at random, and contacted them to make sure their TIAA-Cref information matched the employee's own records.
Here's the thing. They did this by scanning documents, redacting some of the information, and emailing it. I got my TIAA-Cref information emailed to me. Over email. With my name, date of birth, date I became an employee, my account number, and a breakdown of my account numbers. Sent to me over email.
Email.
This follows about a month after the last academic cabinet meeting where it was discussed that there was no expectation of privacy over the work email accounts so it was important not to use email for anyone personal information. Where it was discussed how managers and the ability to access emails accounts, and how, under the previous IT director, computers and emails were routinely gone through as routine practice.
I'm not pleased.
And this was done by an HR audit company.
Oy.
