Protecting your payroll data

18 May 2017

One of the most important tasks in a business’ day to day running is the payment of their employees. Of course it is vital that everyone gets paid correctly and on time but it is also critical that that happens in a secure way.

The information used in order to pay employees is highly sensitive and if a company does not use procedures to protect this sufficiently it can leave them open to data protection breaches and could lead to large penalties and bad reputations.

So how can this data be managed better?

We have identified six ways that employers can improve the accuracy and protection of payroll information:

  1. Hold one source of golden data - it is important to have one place to hold up to date and accurate records of employee details. This one source of data, for example held in an HR system, can then feed other aspects of the business, such as payroll, and will ensure accurate data flows through the business. This limits the amount of staff involved, prevents work duplication occurring and will reduce the risk of inaccurate data.

  2. Limit the number of people accessing the data - ensure that access is strictly limited to those who need to know and use that information. If possible IT departments could also place limitations on access for individuals. Keeping sensitive data available to only a select few instantly reduces the risk of any data breaches. Ensure usernames and passwords are required to access sensitive information and try to avoid it being held on larger shared databases. Strict password requirements such as regular change password intervals and complex passwords including numbers, upper and lower case will increase access security.

  3. Be sure you have skilled staff. Have a training module on data protection and ensure all staff regularly undertake this. Anyone who is running the payroll within a business should have good knowledge of the payroll data to able to spot any anomalies especially if being run in-house. Alternatively outsourcing this process can ensure data is processed and handled correctly and securely.

  4. Monitor individual duties within processes when reviewing who is part of a process - it is helpful to ensure that there is a clear segregation of duties. For example make sure that the person who inputs data is different from the person who checks and reviews. This step ensures a reduced risk of inaccuracy.

  5. Use secure methods of communication - if outsourcing to a payroll provider ensure the data is being shared in a safe way. Using a secure communications portal that is encrypted is a strong way of improving data security as this means only those with access can log in and review the data. If this is not possible always ensure that if emails are used that any data is saved in a password protected document.

  6. Review data handling processes regularly - this will limit the chance of any breaches or inaccuracies. Internal audits will ensure standards meet the requirements of legislation such as the Data Protection Act 1998. Employers can also look to have external audits run or can look to attain certification to prove they meet requirements. Getting certifications such as ISO 27001 will improve processes and also show employees and potential clients that such data is dealt with correctly. If outsourcing payroll, employers should check that providers meet such standards.

These are just a few ways to improve the accuracy and protection of sensitive payroll data and there are many others to consider. By keeping up to date on regulations and ensuring regular checks are made of both internal and third party processes, employers can ensure they are proactively safeguarding their employee’s sensitive data.

For more information on protecting your data, please do not hesitate to contact Mark Holland.