In a world where data is the new oil, a threat to data is directly proportional to a threat to the business itself. When such sensitive data can be jeopardised by an employee, whether intentionally (via malicious intent) or unintentionally (via malware), it only makes sense for the Human Resources (HR) department to be involved.
Sound data protection practices should be embedded in the role of HR because they must be implemented from the time an employee is hired until they leave the organisation, i.e. starting right from the application process to the exit mechanism.
Furthermore, HR is responsible for ensuring that everyone is aware of how their data is being used. HR guarantees that data is only used for the purposes consented to by the original owner. It is part of the job to keep everyone informed and up-to-date. While the procedure is time consuming, it will spare the company a lot of legal headaches in the future, as well as the risk of data theft.