Make your own free website on

 Security of HR Data                      HR Information Systems             Home

The sensitive nature of the information and the very evolution of the HR function have all contributed to a sense that employee information, though required, must somehow be hidden away where it could do no harm to the organization. A classic stereotype of the HR department is one which depicts a group that hides reams of incredibly sensitive data in a rack of filing cabinets behind locked doors where it can and will be used against defenseless employees.

Restricting the availability of information has resulted in vital information being kept out of the hands of both the management staff and critical decision makers. As a result, the role of HR in the decision making process for the organization has been seriously hindered. When HR has nothing to bring to the table (in management planning sessions), HR becomes a spectator and not a player. The increased viability of HR as a vital member of the senior staff in corporations around the globe is a direct result of this paradigm shift from "hide" to "provide" regarding the role of HR in an organization's structure.

In all reality, there is a limited amount of information that must be legally protected and restricted. In addition, there is other information that must be considered corporate sensitive. However, the days when the vast wealth of employee information is simply not available to the appropriate members of the organization are over. Providing the right information to the right people in a timely manner is the very essence of Human Resources Management. In a company with 75 or more employees, this can only be achieved through an automated Human Resources Management System with properly implemented security features. The HRMS provides the data in a timely manner and the security features ensure that the right data gets to the right people.

Security Types

There are many different types of security which are designed to protect your data at different levels. The most common forms the security that are/should be provided in an HRMS are:

Access. Initial access security is designed to limit who can actually use the software, normally implemented via a user ID and password combination 

Encryption. Even with a well conceived network security scheme, it is possible that someone can access the directory in which the HR data is actually stored. If that data is stored in a non-encrypted form, the data can possibly be read and evaluated.Data encryption is a technology that scrambles the data into an unreadable form. The data is only readable when processed by the software. 

Module Access. If the HRMS provides multiple modules,  then Module Access is used to determine which modules the user can access. For example, an organization may have dedicated employees for both the employment, recruiting, and training administration functions. Each set of staff utilizes the same powerful features of the HRMS, but do not share responsibilities. A module security feature can be used to limit the personnel staff to the personnel module, the recruiting staff to the applicants module, and the training staff to the training administration module. If a shared employee is to cross over, access can be granted to any combination of modules as desired.

Database Access. Many HRMS products provide for multiple databases. A database can exist for each division or company within an organization, or the organization may choose to separate employees into different databases for other reasons. One typical scenario is that one database is used for staff employees while a separate database is used for executives. Regardless of the reasons for splitting employees into separate databases, there will exist a need to limit access to these individual databases. 

Record Access. Once given access to a database, there may be a need to limit which records in the database the user can access. For example, when there are three or four users on an HR staff, there are usually a handful of records for the senior staff which are typically maintained by the HR director and are “off-limits” to the rest of the HR staff. It is a simple matter to set access to the sensitive records to off for everyone but the HR director.

Another type of record access security is "filter based." For example, if the accounting manager has access to the HRMS, the query for this user might be "Department = Accounting." Once executed at login, only those records where the department field contains the phrase “accounting” will be available. 

Filter based security is extremely convenient when the HRMS has been implement across the organization. It even correctly handles the transfer of employees across departments or job codes or whatever fields have been used in the query.

Program Access. Once given access to a given database, program access determines which menu options or data entry screens the user can actually use. For example, a user who should not have access to the report writer can be denied access to the report writer menu option. 

Field Access. Once into a given program or screen, field access determines which specific fields can be used. At the field level, access is defined three ways, not just two. A user should be able to either modify the field, see the field (but not modify it), or not see the field at all. This extra feature known as “read only” is very important if empowering security is to be implemented in an HRMS system. 

Outside of the obvious sensitive data, there is a great deal of useful information that can be made to employees at all levels. You might be petrified if the employee had the ability to change that data, but there is nothing wrong with the employee actually seeing the data. Here is a classic example.

In many smaller organizations, the duty to produce the dreaded phone list falls on the receptionist or another member of the administrative staff. If this person is granted read-only access to the employee name and telephone number, he or she can produce the phone list report. 

Physical Security. Physical access is the ability to get to the software and the data by having physical access to a PC that is currently running the software. 

You, the HR manager, are working diligently on records maintenance for a recently received stack of performance reviews. You are suddenly distracted by a call from the senior staff meeting for a report detailing average salaries. You switch to the report writer, produce a beautiful report, and print a report. In your haste, you rush off to the meeting without locking your door or securing the software. After all, you will be back in two minutes. At the meeting, you are asked to present the numbers and assess them for the senior staff, which you do, of course wonderfully. One hour later, your return to your desk to find that your PC screen is displaying the same report you printed on hour earlier. You have to wonder if anyone came into your office and if anyone actually looked at your screen.

When HRMS software is installed on a single non-networked PC, physical access can normally be maintained by a simple locking door, a password protected screen saver, and a good dose of common sense. If the PC cannot be accessed, the software cannot be accessed, and the appropriate level of security is achieved. When the software is stored on a network and there are multiple users, the issue is compounded by the number of users and the increased possibility of an unprotected walk-away. In addition, network users often use network printers which may be accessible to other users who should not have access to this data. If a user runs a salary report on the network printer and waits 30 minutes to retrieve it, there are 30 minutes when that data was available to any walk-up user of that printer.

Once again, physical access is not the realm of the HRMS itself. It can only be provided by proper procedures, policies, and personal diligence by all users. Without physical security for your systems, you have no security at all.

Auditing. The best security system in the world is only as good as the tests that prove it is working. Auditing capabilities provide these tests. Auditing should include a record of every valid and invalid attempt at an initial access. Auditing should also provide the before and after values for fields that have been changed by users with date and time.

In most HRMS software, an invalid attempt is only recorded after three or four tries to enter a user ID and password. Thus, any invalid attempt recorded in the log merits investigation, particularly if the time of the attempt is outside regular business hours. In most cases, invalid attempts are generated by forgetful users or bad typists, but it never hurts to check.

A sample Audit Report showing changes made to three different records is shown to the left. Note that the log indicates the user name, the date, the time, employee ID, the field name, and the before and after values of the field that has been changed.


Securing your internal data is important for an organization. However, a balance must be struck between ensuring data is secure and empowering individuals by giving them access to information. As HR's role in strategic planning and organizational efficiency broadens in scope, it becomes even more of an imperative that the right individual have access to data in a timely manner while ensuring systems are secure from those indidividuals who should not have access. Only a carefully planned security model can both empower and protect your corporate assets.

HR Information Systems             Home