The Importance of HCM (Payroll) Confidentiality

Share This Post

Payroll professionals need be to more vigilant when it comes to protecting personal information as your payroll department are the custodians of sensitive information relating to employees and shareholders, some are home addresses, dates of birth, bank details, salary, dependent and beneficiary details to name a few.

In today’s digital age, one can only imagine the destruction of an employee’s identity if this information ends up in the wrong hands.

While research is showing that the general population is becoming more aware of online fraud and phishing models, a different type of fraud has been on the rise in South Africa

Some of these are:

Misuse of accounts whereby the criminal element fraudulently uses the victims account as a vehicle for transporting illegal obtained monies across boarders or inter account

Identity theft whereby a fraudster assumes the identity of an innocent individual and uses bogus identity to obtain goods or services. Credit rating which takes years to build can be ruined by identity thieves. Studies reveal that identity theft costs South Africa over R1-billion each year.

Employment application fraud where an individual uses false or stolen documents to get employment

Fraudulent insurance claims take place when a person making a claim misrepresents information in order to receive payment under a policy that they are not entitled to.

All the information required to facilitate these criminal activities are available to the criminal fraction within an organizations HCM department.

How do we secure HCM information in order to prevent such cases?

  • Encourage employees not to share personal information. Employees may know each other but one cannot trust what the next person can do with our personal information.

  • Protecting confidential and personal information using unique strong passwords. Strong passwords usually include symbols, numbers, lower- and upper-case letters and should be at least 8 characters long. Refrain from using children’s names, your names, date of birth as it would be easy for someone to crack your password.

  • Passwords should be changed often for all employees but especially when an employee who had access to payroll is terminated. This ensures that the terminated employee will not have access to the confidential payroll information when they have left the company.

  • Educate employees on phishing schemes, what it is and what they need to look out for. Setting up filters on work emails will help remove unwanted phishing emails.

  • Usage of restricted network in organization.

  • Laptop lockdown and biometric security measures.

  • Limit access to payroll data. Make sure that only designated people have access to the payroll information. Documents should be kept in a locked filing cabinet. Only the authorized employees should have access to the documents.

  • Use of paper shredder when wanting to discard documents. Aim to be a Paper “less” department rather than a Paperless department.

  • Periodic reviews on devices and systems which can pose high risk.

  • Regular independent audits with the HCM department.

  • Outsourcing of this function, for offsite storage and securitization.

  • Making use of a Paper-Less HCM application to store information electronically.

For more information on the above topic, please contact the LabourNet Helpdesk at

0861 LABNET (0861 522638).

Not yet a LabourNet client, but would like to know more about our service and products?

Email us: support@www.labournet.com

www.labournet.com

More To Explore

EMP201 vs EMP501
Payroll

EMP201 vs EMP501

EMP201s (Monthly Employer Declarations) and EMP501s (Employer Interim Reconciliation Declarations) are two documents that the South African Revenue Service (SARS) requires registered South African businesses to complete and record on