As you are no doubt aware, the Payroll department is a target for data theft from both internal and external sources. We would like to share some best practices that Payroll personnel can take when protecting data to minimize the likelihood of secure information being intentionally or unintentionally released:
- Secure all documentation that contains employee information, including employee files, system reports, and negotiable paychecks
- Only collect items from employees that you actually need
- Implement a strong document destruction policy
- Secure servers and backup tapes
- Encrypt data as much as possible
- Update computer systems, as necessary, to those that are more secure
- Work with the IT department to manage the disposal of computer, copier and printer hard drives
- Change passwords frequently, keep passwords secure, and log out of all systems when away from your desk
- Restrict users’ access to what they need to know to perform their job duties
- Create policies that govern the use of company property that employees can carry with them (for example, laptops, flash drives, paper files)
- State in contracts with third parties that your organization owns the employee data
- Agree with vendors on their data protection practices and data retention time frames
- Set standards for how vendors can choose other third parties
- Monitor for vendor merger and acquisition activity, and revisit privacy and protection issues before an agreement is made
We hope that this list gives you ideas of how your organization, and your department specifically, can be more secure. If you have any other good practices to share with the RDA community, please comment below.
