Managing access to your HRMS analytics data

HRMS analytics can provide a meaningful and tangible benefit to your organization. Once the raw data from the HRMS is in a usable format, it can support effective and efficient decision making. Consolidated lists of data can also attract interest for the wrong reasons from those who are seeking to do harm with your data. Managing HRMS analytics data is necessary to control those risks. How do you decide who should have access to what, and why?

Develop a classification system for your data and reports

Not every piece of data or report is created equal. Some data elements, such as social security number and date of birth, are especially attractive for identity theft, while an employee’s desk phone number or cube location is helpful for others to know.

Common designations include public, internal, restricted and confidential. The data fields on a report then drive the report’s designation using similar categories. Once your data is classified, it is easier to manage.


Design governance and policies of how data is accessed

Most HRMS allow for different roles to reflect a user’s need for data. Many systems allow for various levels of analytics access, from no access up to expert report writer. A user’s ability to see data fields in the analytics module should reflect what the user can access in the core HRMS, never more. Documented policies should detail how a user gets access to the HRMS and analytics.

Conduct regular user reviews to ensure that the employees who can create or run reports still need this access. Another tip is to audit which analytics use the fields that you have classified as confidential, to understand the business reason for the usage.
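The classification and review steps above can be checked mechanically. The following is an added example, not part of the original article: it derives each report's designation from its most sensitive field, flags roles whose analytics access exceeds their core HRMS access, and lists reports that use confidential fields. All field names, roles, reports and level assignments are constructed sample data, and the ranking public < internal < restricted < confidential is an assumption.

```python
# Added example; fields, roles, reports and level assignments are constructed.
# Assumption: designations rank public < internal < restricted < confidential.
LEVELS = ["public", "internal", "restricted", "confidential"]

FIELD_CLASS = {
    "desk_phone": "public",
    "cube_location": "internal",
    "salary": "restricted",
    "date_of_birth": "confidential",
    "ssn": "confidential",
}
REPORTS = {
    "office_directory": ["desk_phone", "cube_location"],
    "comp_review": ["cube_location", "salary"],
    "benefits_enrollment": ["ssn", "date_of_birth", "salary"],
}
# Fields each role can see in the core HRMS and in the analytics module.
CORE_ACCESS = {
    "hr_generalist": {"desk_phone", "cube_location", "salary"},
    "report_writer": {"desk_phone", "cube_location"},
}
ANALYTICS_ACCESS = {
    "hr_generalist": {"desk_phone", "cube_location", "salary"},
    "report_writer": {"desk_phone", "cube_location", "ssn"},
}

def classify_field(field):
    # Fail closed: a field nobody has classified is treated as confidential.
    return FIELD_CLASS.get(field, "confidential")

def report_designation(fields):
    # A report inherits the designation of its most sensitive field.
    return max((classify_field(f) for f in fields), key=LEVELS.index, default="public")

def excess_analytics_access(core, analytics):
    # Fields a role sees in analytics but not in the core HRMS ("never more").
    return {role: sorted(fields - core.get(role, set()))
            for role, fields in analytics.items()
            if fields - core.get(role, set())}

def reports_using(level, reports):
    # Which reports pull fields of the given level, and which fields.
    return {name: sorted(f for f in fields if classify_field(f) == level)
            for name, fields in reports.items()
            if any(classify_field(f) == level for f in fields)}

if __name__ == "__main__":
    for name, fields in REPORTS.items():
        print(name, "->", report_designation(fields))
    print("excess access:", excess_analytics_access(CORE_ACCESS, ANALYTICS_ACCESS))
    print("confidential usage:", reports_using("confidential", REPORTS))
```

In practice the inputs would come from the HRMS role and report-definition exports rather than inline dictionaries.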

Consider an HRMS analytics team to manage this area

Some companies have centralized this function to ensure that it is tightly managed. A limited number of HR users may have the ability to run analytics, but any new requests have to come in via a team that applies the data classification scheme and then routes them for approval where appropriate.

Ensure privacy training for anyone who can run reports

Users who have access to run reports should have training on how to handle and further distribute employee data. It only takes one slip-up for HR and the HRMS to gain a poor reputation. I recently saw a data breach where the HR Generalist had sent out a file that included salary and bank account details and it went incorrectly to a group email address. Had she password-protected the file as per the policy, it would have lessened the damage.

One recommendation is to make HRMS privacy training part of your HRMS training program as the two go hand in hand, and to offer yearly refreshers.

Heather Batyski

About the author…

Heather is an experienced HRMS analyst, consultant and manager. Having worked for companies such as Deloitte, Franklin Templeton and Oracle, Heather has first-hand experience of many HRMS solutions including PeopleSoft and Workday.
