Securing Confidential Data in Your HR Help Desk
HR Help Desk systems are not payroll systems, though confidential payroll information may well be collected during the course of managing an employee ticket request. The same holds true with healthcare data, personal credit data, and more. Certainly your HR Help Desk is not a financial system, benefit provider system, or any other system that is designed to collect and manage discrete types of personal information.
In some ways, the HR Help Desk system is more akin to email – with one key differentiator – data security. Your unsecured corporate email system collects and stores virtually any and all types of data, much of it potentially highly confidential in nature. HR Help Desks can and do collect that same information. The danger with email is that messages can easily be forwarded or copied to unauthorized recipients.
There is literally no feature in email systems designed to prevent confidential information from being sent to anyone. If you know their address, you can send anything to anyone without restrictions. Corporate policies may be in place to control email flow, but that is no guarantee that violations will not occur, whether inadvertently or intentionally.
In contrast, the best HR Help Desk solutions control who can see specific types of confidential data, and to whom that information can be sent. Whether the data came from the HCM system, was entered into a new case screen or chat screen, or was written in a note field, HR has the assurance that confidential data remains confidential.
One obvious exception would be willful misuse, which no system can prevent 100%.
The important issue is that almost any type of personal information that exists can and eventually will be collected in the Help Desk database. Healthcare data, financial and other credit data, personally identifiable info, job-related performance data, anything: all of it will end up in the Help Desk.
Security starts with ensuring your system is hosted in a certified data center (or properly managed by your IT staff in-house). Look for certifications and compliances for HIPAA, PII, PCI, PHI, SSAE16 Type II, Safe Harbor, and other standards. SaaS-based solutions (shared environment) may also be fully certified, though there are some inherent risks in a shared server system vs. a dedicated server. Work with your IT staff to assess the risks and benefits of any particular configuration. You will likely need to balance cost vs. security, ultimately with emphasis on confidentiality and privacy.
HR must also configure the system to ensure data is accessible only to authorized users. For instance, only payroll personnel should have access to payroll issues. The same may hold true with performance reviews, harassment complaints, and other not-so-obvious topics that should have restricted access. The HR Help Desk restrictions should apply to employee master file display screens, reports, system searches, data extracts, and any other means of creating data views.
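The point that restrictions must cover every data view, not only the case screens, can be checked mechanically. The following is an added example, not code from LBi HR HelpDesk or from this article: the role names, case categories and sample tickets are constructed, and it compares a data extract that bypasses the access check with one that reads through it.

```python
from dataclasses import dataclass

# Hypothetical role-to-category grants; any category not listed is denied.
ROLE_CATEGORIES = {
    "payroll_specialist": {"payroll", "general"},
    "employee_relations": {"harassment", "performance_review", "general"},
    "hr_generalist": {"general"},
}

@dataclass(frozen=True)
class Case:
    case_id: int
    category: str
    note: str

# Constructed sample tickets.
CASES = [
    Case(1, "payroll", "Direct deposit account change"),
    Case(2, "harassment", "Complaint about a supervisor"),
    Case(3, "general", "Question about the holiday schedule"),
    Case(4, "medical_leave", "Leave paperwork that mentions a diagnosis"),
]

def visible_cases(role):
    """Single enforcement point: deny by default, allow by category grant."""
    allowed = ROLE_CATEGORIES.get(role, set())  # unknown role sees nothing
    return [c for c in CASES if c.category in allowed]

def search(role, term):
    """Search view: reads only through visible_cases()."""
    return [c for c in visible_cases(role) if term.lower() in c.note.lower()]

def export_unfiltered(role):
    """Weak data extract: reads the table directly and ignores the role."""
    return list(CASES)

def export_filtered(role):
    """Corrected data extract: same rows the screens would show."""
    return visible_cases(role)

def leaked_ids(role, view):
    """Case IDs a view returns for `role` beyond what the role is granted."""
    permitted = {c.case_id for c in visible_cases(role)}
    return sorted(c.case_id for c in view(role) if c.case_id not in permitted)

if __name__ == "__main__":
    for view in (export_unfiltered, export_filtered):
        print(view.__name__, leaked_ids("hr_generalist", view))
```

Running `leaked_ids` against each report, search and extract for each role gives a repeatable test that a newly added view has not skipped the restriction.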
Last and certainly not least, stop using email (with or without a Help Desk system) to communicate confidential information. LBi HR HelpDesk provides an email-chat hybrid to maintain all dialogs between employees and HR, and HR to HR during the course of resolving a case. This feature resides within the Help Desk system, where your data security is ensured. Training the employee base to use your HR Help Desk employee portal (from their cell phone or desktop) will greatly minimize the risk of a costly lawsuit down the road while improving employee engagement and satisfaction.