Offboarding & Your HRMS Data: 3 Invaluable Security Tips
Once an employee is no longer employed, HRMS data associated with this employment is the forgotten, or worse, mishandled. What can you keep? What can you utilize in future? How long should you keep data? It’s an interesting conundrum, and answers will depend on the context.
Understand the Legal and Audit Requirements
Different countries have various laws about retaining employee data and in some cases, the need to archive or remove employee data. Your industry may also have additional requirements to these geographic ones. HRMS data retention best practices may also vary for different types of data, such as payroll data needing to be kept longer than health or benefits data. Fortunately, most companies have a legal department to analyze the legislation and provide the answers as a starting point.
Identify Data Retention Requirements
Identity theft can be a worry for many and an HRMS contains a whole host of sensitive data such as social security numbers and bank details which can make it a target for thieves. Once an employee is terminated, the need to access an employee’s data is reduced. It is beneficial to think about who would need to access a terminated employee’s data, and for what business purpose?
A local HR generalist may need to answer an employee’s question about transferring a 401k or cobra coverage, so will need to see the employee’s record for the first few months. A benefits or payroll department may need to access the data for the first year from termination, or payroll may need to see the data for up to seven years in the event of a tax audit. A specialized HR analytics team may have a responsibility to produce annual metrics such as turnover over the past three years, so will still need to access some of this HRMS data. Finally, a recruitment team may need to access if a former employee is suitable for rehire.
Define User Access Levels & Rules
Does anyone else have a business reason to access all of the terminated employee’s personal details, in particular for greater lengths of time, such as five years? Many companies have employees who have left 10 or more years ago in the HRMS, and full access remains to the employee data. Such a scenario is an HRMS data security risk as well as a source for mistakes or confusion, if HR professionals need to sift out old data to get to the current employees. Best practice suggests to set some guidelines and use security access levels in the HRMS to hide old data from most users as time goes on.
Free white paper

HRMS Software Vendor Directory
Put the most up-to-date HRMS vendor directory on your desk today! Over 60 vendors listed.

Featured white papers
Related articles
-
Five basic HR data security threats in 2023
Read about the most common threats to HR data security this year and how to combat these threats.
-
Five common employee onboarding problems and how to fix them
Don’t let these employee onboarding mistakes hold you back - your HRMS can help!
-
Employee onboarding: how your HRMS can promote HR best practice
How your HRMS system can ensure that employee onboarding processes follow HR best practice