BRON: A blockchained framework for privacy information retrieval in human resource management

Privacy protection ensures that individuals have control over personal data, preventing abuse and preserving trust in the use of online services. In the “Digital Era”, where the collection, storage and processing of personal information have become ubiquitous, data privacy emerges as a relevant topic. In this sense, laws were created, such as the General Data Protection Law (LGPD) in Brazil and the General Data Protection Regulation (GDPR) in Europe, to control privacy and the processing of personal data. The article presents a comparative analysis of 2 (two) data privacy mechanisms, the Zero-Knowledge Proof (ZKP) and Ring Signatures, used in Blockchain, aiming at the legal and regulatory implications with the LGPD and GDPR. The comparative study between ZKP and Ring Signatures highlights the flexibility of ZKP in various contexts, including voting and secure authentication systems, while Ring Signatures offer significant advantages in terms of scalability and efficiency in systems where subscriber anonymity is considered fundamental. Furthermore, the legal and regulatory implications of the ZKP are discussed, mainly in relation to LGPD and GDPR. Finally, the article concludes that the comparative analysis offers insights into applications, challenges and legal and regulatory implications, particularly in relation to data privacy and compliance with regulations such as LGPD and GDPR.

The challenges and opportunities of mental health data sharing in the UK

This paper aims to examine the effectiveness of the data protection strategies carried out by managers across various organizations, including medical, and determine their awareness about data protection laws. It examines the role of the General Data Protection Regulation (GDPR) or Personal Data Protection Bill, 2018 in India, determining the measures taken by HR Manager in handling the processes of employees’ data and the organization’s strategy. The study utilizes a qualitative approach of data collection, wherein HR managers conducted interviews from various organizations. Transcripts were further analyzed using text analysis to determine the effectiveness of data protection in the organization and how GDPR is helping in this process. The HR Managers will collectively identify the ways and means of data privacy and security that manage organizations’ data and strengthen their security measures. This study is expected to determine securities adopted by organizations. It would suggest more stringent measures to the HR Managers for data security in the future.

The Foundation is a non-profit organization that focuses on education and empowerment of women in micro-enterprises (MSMEs). The Foundation has several community activity programs such as scholarship programs, batik learning houses, learning house programs for underprivileged community groups, etc. Community Service Activities carried out by STIE Trisakti at The Foundation aim to help organizations improve the accuracy and completeness of data on the HRIS (Human Resource Information System) used by The Foundation so that the process of managing Human Resource (HR) management activities becomes more efficient and appropriate. The STIE Trisakti Community Service Team together with The Foundation team carry out activities to apply management science, especially human resource management, to optimize the use of HRIS as a solution for managing organizational HR by updating employee data through the process of collecting the latest employee data and filling out employee data update forms continuously. The use of HRIS in routine activities is the responsibility of the HC administration unit so that the available data is accurate and can minimize errors that generally occur in the process of organizational HR management activities. Accurate employee data information is an important part of the HR management process to achieve efficiency and effectiveness in achieving success goals.

The General Data Protection Regulation (GDPR) has been in force since May 2018, yet its implementation in employment relationships continues to present compliance challenges. This study examines the intersection of data protection and labor law by analyzing how the Romanian Data Protection Authority (DPA) interprets and enforces GDPR principles in workplace settings. The research is based on an empirical analysis of decisions issued by the Romanian DPA, offering insights into common compliance failures and risk mitigation strategies. The study identifies two primary categories of GDPR breaches in employment contexts. The first includes direct violations committed by employers, such as unauthorized data collection, failure to ensure transparency, and excessive monitoring through video surveillance or electronic tracking. The second category consists of violations formally attributed to employers but triggered by employee actions, highlighting the importance of internal safeguards and employee training. The research further demonstrates that non-compliance extends beyond employer-led processing to include unauthorized disclosures, misuse of biometric data, and failures in data retention policies. Findings reveal that many breaches result from the inability of employers to justify legitimate interests, failure to consult employees before implementing monitoring systems, and inadequate security measures. The study underscores the necessity of a structured compliance framework in human resource management, advocating for transparent monitoring policies, strict access controls, and periodic security assessments. By integrating legal analysis with human resource management principles, this research contributes to the broader discourse on GDPR compliance in employment relations. It highlights the importance of interdisciplinary approaches in shaping data protection strategies and reinforces the need for organizations to adopt risk-based methodologies to mitigate regulatory exposure.

PurposeWhile current human resource management (HRM) research on the relationship between HRM and employee well-being has focused on performance-oriented HRM (e.g. high-performance work practices), scholars have called to broaden the perspective and to explore HRM practices that are indeed well-being-oriented. The purpose of this paper is to analyze the empirical diffusion of well-being-oriented HRM configurations, the conditions in which these are used, and their associations with health, happiness and relational well-being.Design/methodology/approachAnalyses are based on a probabilistic subsample of 1,364 employees in Germany. Employee data are used, since individual employees' perceptions of HRM practices are crucial for understanding the effects of HRM on employee well-being. Configurations of well-being-oriented HRM practices are identified using latent class analysis.FindingsFindings show that (1) employees experience diverse configurations of well-being-oriented HRM practices, which differ in their investment levels and the specific practices used; (2) these configurations are contingent on organizational-level and individual-level characteristics and (3) these configurations have diverse associations with different well-being dimensions. Importantly, configurations characterized by higher investments are not always associated with higher well-being, and the highest well-being is associated with a configuration based on high investment in well-being-oriented HRM focused on support from supervisors.Originality/valueThis exploratory paper is the first to analyze configurations of well-being-oriented HRM practices. By focusing on well-being-oriented HRM it complements previous research which usually addresses how HRM systems designed to enhance performance affect employee well-being.

Abstract: The digital revolution has irreversibly transformed the healthcare landscape, revolutionizing the way health data is managed and raising critical questions about its protection. The seamless integration of technology has propelled healthcare into a new era of interconnectedness and data-driven innovation, presenting both unprecedented opportunities and challenges. In this context, this paper conducts a comprehensive comparative study of two pivotal regulatory frameworks: the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). These regulations, enacted on different continents, serve as cornerstones in the protection of health data and offer profound insights into the evolving landscape of data privacy and security in the digital age.The surge in digital health platforms, electronic medical records, and data-sharing networks has ushered in an era where personal health information is more vulnerable and valuable than ever before. The GDPR, a landmark legislation within the European Union, empowers individuals with control over their personal data and sets stringent standards for data protection. On the other side of the Atlantic, HIPAA plays a fundamental role in regulating health data in the United States, emphasizing the confidentiality, integrity, and availability of electronic health information.This study aims to unravel the intricate tapestry of health data protection by juxtaposing the GDPR and HIPAA. By exploring their commonalities and disparities, this analysis offers insights into the multifaceted dimensions of safeguarding health data in an interconnected world. Delving into the legal principles, individual rights, organizational responsibilities, security prerequisites, procedural intricacies, and enforcement mechanisms embedded within these frameworks, this study seeks to inform stakeholders and decision-makers about the critical nuances of health data governance.Employing a comprehensive research approach that draws from primary legal sources, scholarly interpretations, case studies, and comparative analyses, this study enriches our understanding of the intricate interplay between regulation and technology. By shedding light on the regulatory strategies of the GDPR and HIPAA, stakeholders can better navigate the intricate terrain of health data protection and contribute to the development of a privacy-respecting and technologically vibrant healthcare ecosystem.

The General Data Protection Regulation (GDPR) - which came into force in May 2018 - introduced a complete change to data privacy law. Arguably one of the most comprehensive pieces of European Union legislation, the GDPR appears to put data subjects in charge, with new and improved subject rights, wider territorial scope and increased accountability and enforcement mechanisms, all of which aim to strengthen their individual rights. The digital revolution presented the existing data protection legislation, namely the Data Protection Directive (DPD) (1995), with significant challenges. New means of processing personal information have led to increasingly acute consumer concerns over how personal data is gathered, handled, and stored. Modern - and largely intangible - processing methods may result in data subjects lacking control over their personal data. Control is in itself an essential aspect of data protection, not only in terms of privacy, but to uphold informational autonomy. As their own data is affected, a consumer should be able to ‘…predict with sufficient certainty which information about himself in certain areas is known to his social milieu…’ in order to have control over it. This may be done by having the right to choose how data is dealt with and where it will eventually end up. This article analyses what the Regulation has achieved in relation to giving consumers more control over their personal data. The wording and principles of the GDPR appear to prioritise consumer control, more so than any other European legal instrument. The issue of how GDPR has affected consumers has however received far less attention than the repercussions of the legislation upon organisations. Much academic commentary has focused upon commending, comparing or criticising the European initiative: this article will look to these to gauge whether this ‘gold standard’ reform really ‘does what it says on the tin.’ It compares GDPR with DPD to set out the rationale for reform, having regard to the increased influence and advance of modern technologies in a globalised market; it then argues that the breakdown of technological boundaries means that the DPD had perhaps lost touch, in terms of territorial scope, definitions, and terminologies. It therefore then examines those rights and principles that give rise to greater consumer control over personal data, not least transparency, fairness, lawfulness and accountability. Arguably, changes were not truly ground breaking, given that these principles are similar to those set out in the earlier Directive. The rights contained in the 2016 Regulation clearly reinforce these core principles however, not least the rights to be forgotten, to have data access, and portability. An enforcement mechanism is a crucial aspect of consumer control. The conclusion argues that, despite clearly improving individual control, the Regulation may still not provide adequate protection when it comes to the most advanced areas in the technological field, namely, where mechanisms automatically or unknowingly process personal data. With this area of law constantly developing, however, it may be premature to critique certain obscure methods of processing: UK citizens similarly face a perhaps unknowable future post-Brexit. The concept of data protection remains a fundamental right however, given how the Charter of Fundamental Rights of the European Union works alongside the GDPR to uphold individual rights. In other words, both the Regulation – and the concept of a right to data protection - may be redundant if existing in isolation; they must rely upon each other to operate effectively.

In Germany, no specific “Employee Privacy Act” exists. Still, there are several sources of law in Germany which result in rather strict protection of personal employee data. First of all, the provisions of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) apply to the collection, processing and use of personal data of employees with sec. 32 BDSG explicitly governing the collection, processing and use of employee data. Secondly, specific data protection obligations might follow from applicable works agreements (Betriebsvereinbarungen). As of 25 May 2018, the General Data Protection Regulation (GDPR) will replace national data protection laws throughout the EU. However, art. 88 of the GDPR allows for national legislation for processing in the employment context which specifies the requirements of the GDPR and the German legislator has opted for keeping a slightly amended version of the current law under the GDPR.

This article examines whether organizations can enhance employee well‐being by adopting human resource management (HRM) practices strategically targeted to improve skill development and deployment in a recessionary context. Employee skill utilization is proposed as the mediating mechanism between HRM practice and well‐being. The role of workplace skill composition is also examined as a boundary condition within which HRM differentially impacts employee outcomes. Using a nationally representative survey of UK workplaces (Workplace Employment Relations Survey 2011) and matched management and employee data, the analysis focused on organizations that had implemented some recessionary action following the 2008–2009 global financial and economic crisis. The findings show that human capital enhancing HRM and enriched job design positively influenced both job satisfaction and work‐related affective well‐being through increased employee skill utilization. Organizations with predominantly high‐skilled workforces were more likely to adopt these skills‐oriented HRM practices. Nevertheless, the effects of HRM on employee outcomes via skill utilization applied across organizations, regardless of workforce skill composition. The findings demonstrate employee skill utilization as a driver of HRM outcomes and the sustainability of “best practice” HRM arguments across all skill levels, even in the face of recession.

The article addresses the issue of ensuringconfidential exchange of personal data in inter-organizationalinformation systems under conditions of increasing digitalinteraction between public and private sector entities. It is notedthat centralized models for processing and exchanging personaldata fail to provide an adequate level of protection againstunauthorized access, transaction tampering, and do not ensuresufficient transparency of data operations. These limitationshinder full compliance with regulatory requirements, particularlythe provisions of the General Data Protection Regulation(GDPR), ISO/IEC 27001 and 27701 standards, as well asnational legislation on information protection. The study substantiates the feasibility of using a permissioned blockchain as the architectural basis forimplementing a secure, decentralized exchange of personal datawith guaranteed access control, transaction audit, and dataimmutability. A conceptual model of the information system isproposed, involving smart contracts for managing data subjectconsent, access control, and the integration of the InterPlanetaryFile System (IPFS) for robust off-chain data storage. The modelalso includes the use of Zero-Knowledge Proof (ZKP) cryptographic mechanisms and behavioral verification criteriafor transactions. Particular attention is given to risk analysis associated withpersonal data processing in inter-organizational environments, and to the application of supplementary protection tools—suchas masking, pseudonymization, and data perturbation—tomitigate potential losses in the event of data leakage. A set oftechnical and organizational compliance criteria withinternational and national information security standards isoutlined. The aim of this research is to design an architectural modelfor inter-organizational personal data exchange based onpermissioned blockchain that ensures confidentiality, integrity, controlled access, and regulatory compliance in the field ofinformation protection.

The EU General Data Protection Regulation (GDPR), regarded as the most significant change in information privacy law in these two decades, admittedly impacts our current systems in almost every field. After analyzing real cases, including Microsoft Office, Google LLC., Knuddels.de and Facebook Ireland Ltd, we attempt to illustrate the concepts behind data collection, processing, controlling and transformation toward GDPR compliance. Technology is, in other words, the principal problem that data protection law is trying to solve. If entities are storing too much personal data, for example, technology needs to deliver delete, erase, de-duplication and minimization enforcement. Under Article 33 of the GDPR, operation organization must report a data breach within 72 h without “undue delay,” which highlights the importance of identity transparency for each data ownership while finding out where the breach occurred, what areas have been affected, and how it happened is not straightforward as typical awareness. Self-sovereign identity is addressed in this paper to propose a practical infrastructure and clarify the technical requirements of GDPR judgment and compliance along with the mitigation of certain impacts from access control, integrity, confidentiality, and privacy implication.

e integration of Artificial Intelligence (AI) in Human Resource Management (HRM) has revolutionized traditional recruitment and selection processes, particularly in the IT industry, where rapid technological advancements demand a skilled and dynamic workforce. AI-driven recruitment systems leverage machine learning, natural language processing (NLP), and predictive analytics to enhance efficiency, reduce hiring biases, and improve decision-making. This study explores the transformative role of AI in recruitment and selection within the IT sector, highlighting its benefits, challenges, and future implications. AI-powered tools have streamlined various stages of the hiring process, from resume screening to candidate assessment. Automated applicant tracking systems (ATS) equipped with AI algorithms can efficiently scan thousands of resumes, filtering out the most relevant candidates based on predefined criteria. Additionally, AI-driven chatbots and virtual assistants engage with applicants, provide real-time responses, schedule interviews, and enhance the candidate experience. These tools reduce the time-to-hire and improve the quality of recruitment by identifying the best-fit candidates based on skills, experience, and cultural alignment. Another critical advantage of AI in recruitment is its potential to reduce human biases. Traditional hiring processes are often influenced by unconscious biases related to gender, ethnicity, or educational background. AI-driven assessments focus on skills-based evaluation, utilizing predictive analytics to match candidates with job roles based on competencies rather than demographic factors. Furthermore, video interview analysis tools can assess verbal and non-verbal cues using facial recognition and speech analysis, helping recruiters make data-driven hiring decisions. Despite these benefits, AI in recruitment comes with challenges. One significant concern is data privacy and ethical considerations. AI algorithms rely on vast datasets, raising questions about data security, transparency, and fairness. If trained on biased historical data, AI systems may perpetuate discrimination rather than eliminate it. Ensuring algorithmic fairness and regulatory compliance, such as adhering to General Data Protection Regulation (GDPR) and other data protection laws, is crucial for ethical AI deployment in HR. Additionally, the human touch in recruitment remains essential. While AI can handle administrative tasks and initial screenings, final hiring decisions still require human judgment. Organizations must strike a balance between AI automation and human intuition to ensure a holistic approach to talent acquisition. HR professionals must also undergo upskilling to effectively leverage AI tools and interpret AI-driven insights. The future of AI in HRM will see advancements in predictive hiring, sentiment analysis, and skill gap analysis. AI-powered platforms will not only match candidates to current job roles but also predict future skill requirements and recommend personalized learning paths for employees. In the IT industry, where skills evolve rapidly, AI-driven workforce planning will play a crucial role in talent retention and upskilling initiatives. This paper analyzes the impact of AI on recruitment and selection in the IT industry, focusing on efficiency, bias reduction, candidate experience, and decision-making improvements. It examines AI-driven tools like ATS, chatbots, and predictive analytics, discusses ethical concerns, and explores the future role of AI in workforce planning and talent acquisition.

The development of a robust, transparent and interoperable E-healthcare infrastructure has been a difficult task due to many regulations and legislatures like HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation). Healthcare service providers prefer to store data about their patients in locked up silos, behind often inadequate layers of security and firewalls. Such an approach results in data breaches and limits the ability to get a holistic view of the medical history of a patient. The obscure cost of treatment is another issue brought to attention recently in media. In this paper, we have proposed a national blockchain framework for managing patients' Electronic Health Records (EHRs) access control and funds in the context of India's National healthcare scheme. We introduce a transparent insurance claim process for healthcare providers and an auditable trail of EHR access using smart contracts. We use a smart card approach allowing beneficiaries to authenticate their identity using zero-knowledge proofs and delegate access to service the providers via proxy re-encryption.

PriFoB: A Privacy-aware Fog-enhanced Blockchain-based system for Global Accreditation and Credential Verification