the employer should have only professional data that relate to the scope of work, plus with the mutual agreement for data protection. This will secure employees information or data leak out. Hence, there is need a proper guideline for employer to have employees or customer data.

This query incorrectly conflates corporate social responsibility with holistic IT governance, taken here to include risk management, information security, and privacy. The concerns of corporate social responsibility usually include sustainable business, corporate conscience, corporate citizenship, and/or responsible business.

The most relevant concern regarding employee data is the issue of privacy: in a secure enterprise, privacy controls allow only designated personnel to access information governed under privacy laws, and include efforts to protect an individual’s ability to determine how his or her personal information is collected, used, stored, and disclosed. (Of course, IT governance that modulates risk management and information security directly impacts the success of a privacy program because, for example, privacy cannot exist without information security.)

Customer data is another issue: ways to protect it are to limit and control access to customer information; collect only what is necessary; consider destroying data after it has been used; let customers know their information is safe; make customer privacy everyone's business; and of course stay current on encryption practices.

Mohd Ikhwan Aziz Thank you for your valuable feedback.

Olivier Serrat Thank you so much for detailed feedback.

In my understanding correct me if I wrong, Companies social responsibility starts from being ethical , protecting concerns of society and its people?

Any organization not doing ethical business and investing it in green sustainable initiatives or free education would be socially responsible?

In my opinion corporate social responsibility starts with business type (must be ethical) , protecting interest of society and humanity first. Looking forward to have viewpoint on it.

Corporate social responsibility, according to the European Commission, is a concept whereby companies integrate social and environmental concerns in their business operations and in their interaction with their stakeholders on a voluntary basis. In the 21st century, however, compartmentalized logic cannot attend to the dynamism of risk in knowledge-based economies: there, it cannot be contained and demands active, "on the go" management: this makes such concerns as corporate governance, corporate reputation management, and corporate social responsibility increasingly and inextricably interdependent with other fundamentals of day-to-day management that may well involve the privacy and security matters this query originally referred to (recognizing nonetheless that the latter are more relevantly, efficiently, and effectively addressed for sustainable impact according to the approaches suggested earlier).

There are two perspectives to it. The personal data of employees aids in implementation of social security measures like Provident Fund, Gratuity benefits and family insurance cover apart from offering perks like subsidised education allowance for children. It can be used as a bait to put an errant employee to order. With glassdoor becoming a reality there is nothing sacrosanct anymore. Even employees should desist from posting everything and anything; it may jeopardise their career prospects. On the employers' side the data that is mandated by the government should only be collected and collated.