Defining Your Policy for HRMS Payroll Data Access

Payroll data is sensitive. Not only does it include salary levels ( and deductions, contributions and benefits information) but it’s also linked to names, social security numbers and banking details – virtually an identify thief’s wish list. So, establishing a clear HRMS payroll data policy that covers who can access what and under which circumstances is not only sensible but also a way of showing your employees that you take their data security seriously.

First Things First

Payroll data must be accurate. Nothing prompts a complaint quite so fast as an incorrect salary or deduction. Assuming that you rigorously checked the data when it was first migrated to your current HRMS payroll database, and that great care is exercised in the inputting of new hire information, what’s left is to carry out a reporting regime with data integrity in mind. This might include tactics such as comparison and reconciliation reports for multiple databases, random spot-checking, manual cleansing exercises involving individual employees, and even dummy walkthroughs of specific processes. Giving employees updating rights over their own records via self-service is another key route to avoiding data degradation.

Internal Stakeholder Needs

A report from global accounting and consulting firm, Grant Thornton states, “Every company should know exactly what data it creates, stores and transmits” which is a good concise statement of intent for any HRMS payroll data access strategy. The breakdown from this headline leads us to consider the separate needs of various internal stakeholders: individual employees, managers, C-level executives, the payroll team, temporary access for HR- and payroll-related project teams and so on – each will have different needs and rights under an appropriately layered strategy.

Off-Premise Payroll Data

The same report went on to point out, “Further, organizations should know not only what data their transaction partners create, store and transmit, but also how their partners create, store and transmit it.” The widening use of outsourced services (including payroll) and mobile employee access means that these days, employee payroll data often leaves the premises. Even if you keep all responsibilities in-house, you may still be utilizing a cloud-based HRMS or payroll system that places your information in an anonymous data center elsewhere.

This leads to the need to consider secure methods of access. Options include access control lists, encrypted personally identifiable information (PII) and vulnerability assessments and ideally will be established to present a coordinated and simple set of security rules and access levels for users.

HRMS Payroll Data Integration

Finally, it’s not only human beings accessing your payroll data. Increasingly, HRMS systems include integrated payroll and benefits functionality and often are linked to other business intelligence systems such as CRM and ERP. As other software systems ‘dip into’ the HRMS payroll database the data becomes ‘shared’ and at the centre of any system to system integration, security and access (and of course, data quality) should be paramount.

author image
Dave Foxall

About the author…

Dave has worked as HR Manager for the Ministry of Justice for a number of years, he now writes on a broad range of topics including jazz music, and, of course, the HRMS software market.

author image
Dave Foxall