Chapter BAI for HR basicsPage 5 of 8

AI for HR basics

Privacy of employee data

Access to employee information does not automatically create permission to place it in an AI system, combine it with other records, or use it for a new purpose.

~15 minData governance

Before you start

Why this matters

An HR partner wants help summarizing a performance file. The file contains objectives, manager notes, disability accommodations, an investigation reference, salary history, and comments copied from private messages. The approved task only requires a summary of current objectives.

Which fields should enter the tool? The safest answer is not “all of them, because HR already has access.” Use the minimum current objective data needed for the defined task. Access, purpose, and necessity are different questions. AI makes copying and recombining information easy, so disciplined data minimization becomes more important.

1Learn the idea

Read

Understand why HR data is sensitive

HR records can include identity and contact details, compensation, benefits, attendance, performance, disciplinary records, immigration status, background checks, health and disability information, union activity, family circumstances, complaints, survey responses, and inferred traits. A single prompt may combine several categories that were originally collected for different reasons.

The employment relationship also involves a power imbalance. An employee may feel unable to refuse monitoring or optional AI processing. A notice or checkbox does not automatically make consent freely given or legally appropriate. Determine the valid basis, purpose, and obligations with qualified privacy, legal, security, and employee-relations specialists.

Do not infer sensitive facts merely because a model can. Predicting pregnancy, health, burnout, union interest, emotion, or likelihood of leaving can be intrusive, inaccurate, and harmful. A prediction can affect a person even when it is never proven true.

Read

Map the full data flow

Before use, draw where data travels:

  1. the source system or document;
  2. preprocessing, redaction, or file conversion;
  3. the prompt and uploaded context;
  4. model provider and any subprocessors;
  5. generated output;
  6. logs, caches, analytics, and safety monitoring;
  7. integrations such as email, applicant tracking, ticketing, or HR systems;
  8. reviewer devices and exported files;
  9. archives, backups, deletion queues, and incident records.

The output can be as sensitive as the input. A generated summary that says “likely to leave due to health stress” creates a new, potentially unsupported personnel record. Treat prompts, outputs, feedback, and reviewer corrections as governed data.

Ask concrete provider questions. Is customer data used to train models? Where is it processed? Who can access support logs? What are retention and deletion timelines? Can the service honor access, correction, restriction, and deletion requirements? Which model or subprocessor changes trigger notice? Marketing phrases such as “enterprise secure” are not answers.

Read

Apply purpose limitation and minimization

State the purpose narrowly: “Draft a summary of completed training modules for employee confirmation” is better than “analyze employee potential.” Then list the minimum fields needed. Remove names when identity is not necessary, but remember that de-identification can fail when records contain unique roles, events, dates, or free text.

Do not repurpose recruitment data for performance prediction simply because it is available. Do not combine wellbeing surveys with promotion decisions unless there is a legitimate, lawful, transparent, and carefully governed basis—which may not exist. Keep voluntary feedback separate from individual employment decisions.

Free text is especially risky. People may mention medical details, allegations, third parties, or privileged discussions. Use preprocessing and human review to exclude irrelevant content. Redaction tools also make mistakes, so test them and preserve a secure way to verify what was removed.

Read

Control access and retention

Use approved organizational accounts rather than personal AI services. Apply least privilege: recruiters need candidate records for assigned roles, managers need appropriate team information, and vendor support staff should not receive unrestricted personnel files. Strong authentication, role-based access, encryption, logging, and periodic access review are foundational.

Set retention by artifact and purpose. The source application, prompt, model output, audit log, and final decision record may require different periods. “Delete chats” may not remove exports, logs, backups, or downstream copies. Assign responsibility and test deletion.

Logging creates a trade-off. Logs help investigate errors and demonstrate review, but they can become a second sensitive database. Record the minimum needed for accountability, protect it, and prevent routine viewers from seeing unnecessary personal content.

Read

Be transparent and support rights

People should receive understandable information about what tool is used, for what purpose, what data it processes, how outputs affect the process, how long records are retained, and how to ask questions or seek correction where applicable. Avoid vague language such as “we may use innovative technologies to improve experiences.”

Transparency does not cure an unjustified practice. Nor should a privacy notice expose security details or overwhelm readers. Layer information: a concise explanation first, with more detailed policy and contact routes available.

Plan for data errors. Employees may share names, move addresses, update qualifications, or contest manager notes. A model can reproduce stale information across new documents. Maintain source-of-truth rules, effective dates, correction workflows, and downstream propagation. Never let generated prose overwrite an authoritative record without review.

Read

Handle incidents and requests

Define what happens when data reaches an unapproved service, a prompt reveals another employee’s information, an output creates a harmful inference, or an access request includes model records. Staff need a clear reporting route and should not conceal mistakes by deleting evidence outside procedure.

Pause affected processing, preserve appropriate records, involve the designated response team, assess scope and obligations, correct downstream artifacts, and communicate as required. Practice this workflow before a real incident.

Checking tutor…