Managing access to your HRMS analytics data
HRMS analytics can provide a meaningful and tangible benefit to your organization. The raw data from the HRMS once in a usable format can ensure effective and efficient decision making. Consolidated lists of data can also generate interest for the wrong reasons from those who are seeking to do harm with your data. Managing HRMS analytics data is necessary to control those risks. How do you decide who should have access to what, and why?
Develop a classification system for your data and reports
Not every piece of data or report is created equally. Some data elements such as social security number and date of birth are especially attractive for identity theft while an employee’s desk phone number or cube location are helpful for others to know.
Common designations include: public, internal, restricted and confidential. The data fields on a report then drive the report’s designation using similar categories. Once your data is classified it is easier to manage.
Recommended reading: looking for an HRMS with strong analytics capability? Find one to suit your organization’s HR needs with our extensive vendor directory.
Design governance and policies of how data is accessed
Most HRMS allow for different roles to reflect a user’s need for data. Many systems allow for various levels of analytics access from no access up through to expert report writer. A user’s ability to see data fields in the analytics module should reflect what the user can access in the core HRMS, never more. Documented policies should detail how a user gets access to the HRMS and analytics.
Conduct regular user reviews to ensure that the employees who can create or run reports still need this access. Another tip is to audit what analytics are using the fields that you have classified as confidential to understand the business reason for usage.
Consider an HRMS analytics team to manage this area
Some companies have centralized this function to ensure that it is tightly managed. A limited number of HR users may have the ability to run analytics but any new requests have to come in via a team that applies the data classification scheme and then route for approvals where appropriate.
Ensure privacy training for anyone who can run reports
Users who have access to run reports should have training on how to handle and further distribute employee data. It only takes one slip up for HR and the HRMS to gain a poor reputation. I recently saw a data breach where the HR Generalist had sent out a file that included salary and bank account details and it went incorrectly to a group email address. Had she password protected the file as per the policy it would have lessened the damage.
One recommendation is to make HRMS privacy training part of your HRMS training program as the two go hand in hand, and to offer yearly refreshers.
Featured white papers
5 ways HRMS helps you get more out of your HR data
A comprehensive guide to the data analytics capabilities of your HRMSDownload
Five employee satisfaction metrics to track to reduce workforce turnover
How measuring these key employee metrics can help retain your talent
Four ways to action your people analytics data
Learn how to maximize the benefits of your HR people analytics data
Five basic HR data security threats in 2018
Read about the most common threats to HR data security this year and how to combat these threats.