Case Study: Reduction in Physical Threats Against Public Health Agency Workforce

Challenge:

• Pandemic accelerated anti-vax misinformation
• Extremists increased physical threats and attacks against public health workers and execs
• Employee retention suffered and HR poaching soared
• New hires slowed – sourcing cycle times expanded

Solution:

• Privacy Bee for Business Engaged
• External Data Privacy Audits performed
• Privacy Risk Assessments performed
• Employee Risk Management engaged
• Unsecured data removal and cleansing initiated
• Marketing for HR and Sales revised to promote privacy mgt. practices

Results:

• Clarity of risks and risk profile achieved
• Risk scores and other visualizations delivered to executive mgt.
• Tolerances set for vulnerability and risk exposure
• Privacy metrics integrated with existing GRC
• Near total elimination of inbound threats and attacks
• Improved public and industry perception of customer’s privacy mgt. protocols
• Employee retention returned to normal levels and poaching became rare
• New employee recruitment, sourcing and on-boarding cycle times revert to mean

Challenge: The workforce of a government agency responsible for developing and distributing vaccines for COVID-19 and other public health threats – and especially its executive leadership – became the target of violent threats and physical attacks at the hands of partisan extremists.  Whether anti-vaccine sentiment or simply anti-government zealotry drove the uptick in threats against public health agencies, the customer suffered several damaging consequences.

Foremost among these was the imminent threat of death or serious physical injury of employees, leadership at office locations or at their homes.  As a ramification of the chilling violent threats being received, the customer noted a significant drop-off in the recruitment of new scientists, researchers, and clinicians.  Already in high demand amidst an ongoing talent shortage, the deficiency of new candidates in these job roles was exacerbated by the fact that these specialized professionals were reluctant to accept jobs within this high-profile governmental agency.  Fearing for their own safety and that of their families, candidates turned to other open opportunities in less controversial organizations.

Moreover, the perception of heightened risk impacted the customer’s employee retention capabilities as fearful employees left to find positions in safer corners of the scientific and pharmaceutical industry.

Cycle times for sourcing and onboarding key talent expanded by greater than 50% and retention figures plummeted from 85% to less than 50%.

Recognizing the dynamic, competitive staffing supplier companies began to more aggressively recruit the employees of the customer, poaching several dozen top performing workers in highly specialized scientific fields.

Solution:   The customer engaged Privacy Bee for Business to secure the external data privacy of its workforce.  By removing all unsecured external data and personally identifiable information (PII) on all its executives and rank-and-file workers, the customer was able to dramatically reduce the ability of threat actors and extremists to locate the targets of their misguided ire. 

The process began with several no-cost audits and assessments designed to identify all the unsecured data that could be used by a threat actor to locate a target, or a target’s family.  The External Data Privacy Audit (EDPA) analyzed and aggregated hundreds of available data points on the organization.  The output of the audit was used to build an analytical summary of the privacy risks and opportunities for strengthening defenses. 

Next, Privacy Bee administered Privacy Risk Assessments (PRA) to the entire workforce.  The results helped evaluate existing privacy practices and exposed all data privacy risks.  Once completed, Privacy Bee initiated Employee Risk Management enabling real-time monitoring of employee privacy risks including robust analytics, flagging of high-risk employees, departmental insights and other capabilities.

With the clarity and metrics derived via these free audits and assessments had identified all risks and vulnerabilities, the customer engaged Privacy Bee for Business to handle the removal and cleansing of exposed external data for every employee.

The customer began to include details of its new, improved focus on employee privacy, external data privacy and proactive efforts in its marketing – both for new business acquisition as well as HR recruiting.

in addition, the removal of employee PII from Data Brokers and People Search Sites, made it far more difficult for cutthroat recruiters to find and poach the in-demand professionals from the customer.

Results:  Within the first 45 days as the data from the PRA and EDPA were completed, the customer was able to review a data-driven and quantifiable visualization of their risk profile.  With risk scores derived for every employee and every department, the customer was able to take actionable steps to reduce vulnerability and exposure.  They were also able to set and enforce privacy risk tolerances on an ongoing basis as part of their Governance, Risk and Compliance (GRC) practices.

As Privacy Bee began to drive success at removing all the unsecured external data identified through the audits and assessments, the frequency and intensity of inbound threats to executives and other employees began to noticeably wane. 

With most employee PII removed from Data Brokers and People Search Sites, HR noted a drastic decrease in poaching by competitors’ HR departments and recruiters.

After the first 12 months, with the virtual elimination of negative publicity from threats and attacks, the customer reported a reversion to the mean with respect to its recruitment efforts.  Sourcing and onboarding cycle times snapped back to acceptable tolerances. 

Additionally, after promoting its new privacy practices internally as well as in external HR recruitment marketing, the customer reversed negative perceptions regarding its management of employee privacy and safety.  Recruitment among prospective candidates in scientific and clinical fields returned to historically typical volume.  Employee retention figures also snapped back to within acceptable levels as employees were comfortable that the best tactics and methodologies were now being applied to ensure their safety on and off the job.