Poor Human Resources Security Could Be Big Trouble
With all the possible forms of sensitive employee information and all the possible locations where that information might be found, the chances of an employee's private information being inappropriately disclosed in a poorly secured Human Resources (HR) environment could be high.
But what are the consequences of poor HR security that allows employee private information to get into the wrong hands? Some scenarios include:
- Civil suits: An angry employee who has had their private information inappropriately disclosed need only do a quick web search for "employee private information lawsuit" to find dozens of lawyers and law firms eager to sue the company that committed the violation. In fact, one firm in Minnesota brags about "achieving large settlements for... wrongful dissemination of private information... in violation of the Minnesota Government Data Practices Act."
- Damaged reputation: A company that discloses employee private information runs a serious risk of bad publicity from newspapers, radio, and television. Depending on the extent of that publicity, the company's reputation and brand image could be permanently damaged, possibly resulting in loss of sales and shareholder value.
- Employee and customer distrust: If a company can't demonstrate that it can do something as straightforward as protecting its employees' information, why should customers trust it with their private information or business? And if one case of employee sensitive information disclosure occurs, why should employees believe it wouldn't happen again, and maybe with their information next time? Such distrust could lead to lost sales and high employee turnover.
- Unfair advantage to outside parties: Depending on what employee information is lost and to whom, the information could prove to be incredibly valuable to the right people. For instance, a complete list of all employees, their titles, salaries and contact information would be a goldmine to a competing company's recruiters--and a potential death sentence to the company that lost the information.
- Expensive retrofitting: Companies that didn't design their HR systems and processes to be secure from the beginning may have to pay a hefty price to retrofit their information systems and processes to meet new security requirements.
- Reprimands and terminations: All the bad things listed so far are mostly things that could happen to the company.
But none of these takes into consideration one thing that might happen to the employees within the company--namely, somebody could get fired! If any one of these bad things comes to pass, you can be certain that someone is going to be found to blame.
And if you were seen as responsible for some aspect of safeguarding sensitive information, that someone could be you.
It is not inconceivable that a big enough breach in HR security could result in a combination of these scenarios, ultimately causing the company to go out of business.
While the consequences of poor information security within a company and its HR department can be dire, there is good news.
As the one department that interacts most with all employees throughout their employment with a company, HR is uniquely positioned to positively influence the culture of a company to take information security issues seriously.
Also, because HR's heritage is one of risk management, incorporating a concept like information security into their operating procedures and evangelizing security to the company should come naturally.