Shhh! How to make certain your private data stays that way — Business Management Daily: Free Reports on Human Resources, Employment Law, Office Management, Office Communication, Office Technology and Small Business Tax Business Management Daily

Shhh! How to make certain your private data stays that way

Get PDF file

by on
in Office Management,Payroll Management

Payroll handles sensitive data all the time, so it’s vital that you develop and maintain a robust privacy policy. Carla Gracen, product manager at Ceridian HCM, Inc., gave some policy pointers during her workshop at the American Payroll Association’s 32nd Annual Congress.

Getting started. If your company has a website, you probably have a general privacy policy. But, Gracen pointed out, that’s not enough for the Payroll department. To get a handle on privacy issues, it’s important to know what information is being collected, where it’s located and who controls it. Also key: Determine how this information is protected and which third parties have access to it.

Begin with the ultimate goal—ensuring that all payroll processes are protected. This includes employees’ files, the content and distribution of internal reports to other departments, record retention and “big data,” Gracen said.

Your next step is to assess the ultimate risk—identity theft. How is the risk spread? Gracen noted that employees who bring their own devices to work—personal laptops, tablets and smartphones—automatically ramp up the threat environment, since you have no control over their equipment. If your company allows employees to bring their own devices to work, your policy should cover that too. Wireless and mobile usage should also be covered, she pointed out.

Drilling down. Moving from the general to the specific, Gracen advised the audience to identify and document all the data inputs and outputs that affect payroll data. “Touch points,” as Gracen called them, can be as diverse as the company’s finance department, the general ledger, the company’s budget, HR, benefits, workers’ compensation and third-party payers of sick pay. These touch points are the weakest link because they can change at any time, she added.

Your biggest job will be to classify your data. Best bet: Gracen recommended developing a ranking system, with the most sensitive data (e.g., ­employees’ Social Security numbers and banking information) receiving the highest ranking. With your ranking system in place, you must assemble your data—include forms, existing policies and data-gathering tools, such as information from your time and attendance system.

Wrapping it up. No policy works on autopilot. Monitor your privacy policy, Gracen said, by using metrics to track compliance. Don’t go overboard; a few key metrics will do, she said.

Leave a Comment

 

Previous post:

Next post: