How to Prevent Doxxing Through Effective HR Policies

In 2024, a disgruntled ex-employee of Walt Disney World launched an elaborate revenge campaign against the “happiest place on Earth.” As part of his scheme, he created a “dox” folder with personal information about some of his former colleagues. He used this information to try to hack into their work accounts with a bot, locking them out in the process.¹

The Disney incident isn’t unique. As more companies share and store data online, the risk of doxxing has increased. This practice involves using and often publishing someone’s personal information for malicious reasons. A 2025 SafeHome study found that almost 12 million Americans (4%) have been doxxed.²

People often don’t think of human resources (HR) as cybersecurity experts, but they’re on the front line of battling doxxing. By protecting employee data, HR teams can help safeguard employees from this harmful trend. Many companies have also created social media guidelines and other policies to reduce the risk of exposure.

This post explores how to prevent doxxing in the workplace.

What Is Doxxing? 

Doxxing happens when someone maliciously uses or exposes personal identifying information (PII) without consent.³ For example, Disney replaced the performer who played Tally the Elf after fans tracked down the original cast member’s personal details and harassed her online.⁴ Doxxing may also involve using sensitive information to attack someone’s reputation or even to get them fired or arrested.³

While doxxing may sometimes seem like a harmless prank, it can have severe consequences for employees, such as:³

• Fear of doing their jobs or expressing themselves 
• Identity theft
• Intimidation 
• Online harassment 
• Physical harm 
• Surveillance from others 

Doxxing harms organizations, too. If a business doesn’t properly secure employee data, it may face legal consequences for breaches. This practice can also harm an organization’s reputation and employee morale.

Why Doxxing Is a Workplace Issue 

Digital tools have become absolutely essential for many organizations, especially with the rise of remote work. According to a 2025 McKinsey report, 94% of employees are already familiar with generative AI tools.⁵ Workers may also use social media, videoconferencing software, collaboration tools like Slack, and many other platforms on the clock.

While these tools can help employees breeze through their to-do lists, they also increase the risk of doxxing. For instance, if someone hacks into your company’s communication software, they could steal internal data like employee names and contact information. Sound far-fetched? In 2022, a teenager hacked Uber’s Slack channel and taunted employees, posting, “I announce I am a hacker and Uber has suffered a data breach.”⁶

Employment laws require organizations to protect confidential employee data from incidents like these. One relevant law is the Illinois Biometric Privacy Act, which requires employers to get consent before collecting biometric data and protect it from disclosure. More broadly, the Health Insurance Portability and Accountability Act (HIPAA) requires organizations in all 50 states to keep employee health information confidential.⁷ Following these regulations can help protect the organization from lawsuits and other legal consequences.

Core HR Policies That Help Prevent Doxxing 

If you want to understand how to protect against doxxing, start with these essential HR policies:

• Data privacy rules: Spell out who has access to confidential data and how they can use it 
• Personal information protection policies: Only gather must-have employee data, such as bank account numbers for payroll, and create a data security plan to keep it safe⁸  
• Acceptable use guidelines: Develop standards for how employees should use digital tools, such as forbidding the entry of personal information into generative AI software
• Social media policies: Create clear guidelines for using social media safely, such as updating passwords frequently and not posting photos with an employee’s home in the background 
• Cybersecurity and information-sharing guidelines: Teach your employees how to handle data responsibly and keep their devices secure 
• Anti-harassment and workplace conduct policies: Colleagues can sometimes dox each other, so be sure to define unacceptable behavior and give employees a way to report harassment 

Gather all these policies in an employee handbook, and review them frequently with your team so they stay fresh in their minds.

Limiting Access to Employees’ Personal Data 

Even if your organization values privacy, you’ll need to gather some data from your employees, such as Social Security numbers and addresses. Keep this information safe by following these best practices:⁸

• Use access controls so employees can only access data on a need-to-know basis 
• Set up multi-factor authentication to make sure only authorized employees can log into your data storage and HR systems 
• Use safeguards like firewalls to protect your devices from hackers 
• If you need to send sensitive data over a wireless network, encrypt it first 
• Properly dispose of sensitive information when you no longer need it 

Employee Training and Awareness 

As the Federal Trade Commission observes, “Your data security plan may look great on paper, but it’s only as strong as the employees who implement it.”⁸ Take the time to teach your employees how to prevent being doxxed.

Begin by educating them about how doxxing happens. They may have heard stories of high-profile influencers and journalists getting doxxed but not realize it can happen to them, too. Teach them how to recognize warning signs, such as getting oddly personal emails from strangers, and tell them how to report their concerns.

Educate them about safe online behavior, too. This could include anything from blurring license plates in photos to using strong passwords.

Supporting Employees Affected by Doxxing 

Even the most conscientious employees can get doxxed. Prepare for the worst by developing a safety plan and offering resources for affected employees. For example, you might temporarily increase security measures in your building after someone gets doxxed or allow them to work from home.

Learn How to Create a Culture of Safety and Privacy With Pitt Law 

A deep understanding of data privacy laws and best practices will help you protect employees from doxxing and other twenty-first-century threats.

Expand your employment law knowledge with the University of Pittsburgh’s Online Master of Studies in Law (MSL) with a Human Resources Law specialization. The rigorous curriculum covers essential topics like Anti-Discrimination Law and Working Conditions. You’ll also receive personal mentorship from expert faculty and collaborate with peers in flexible online classes.

If you’re not ready to commit to a master’s degree, consider the Online Human Resources Law Certificate. Learn how to solve doxxing and other real-world legal challenges and keep up with the latest HR technology.

If you’re ready to take the next step, explore Pitt Law’s admissions requirements or apply today. Speak to an admissions outreach advisor for more information.