What is the Risk for Employee Information in Your Business?

If you have been a business owner for even a day or two you know how complicated all the rules and regulations can be about almost every aspect of business. There are laws and forms and records and it seems there is no consistency between any of it – right? Well, let’s not get too far down the rabbit hole and try to solve every issue here. But let’s take a moment and look at payroll and employee information and records.

Are you doing everything you need to do to keep employees' confidential information secure?

First of all, just accept the fact that there are few hard and fast rules or regulations when it comes to employee records. With the exception of a few like the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA) requiring that medical records be stored SEPARATELY from other personnel records, there is little guidance as to what, how, and where records should be kept. That being said, it does not matter if you are a small business owner or a large corporate enterprise, all employee information should be confidential and kept secure.

The overriding umbrella is that all personal employee information should be kept SAFE. Now what does that mean? From my reading and discussions with attorneys, it generally means that information should be protected from any unauthorized people. By that I mean that your personal information should not be available to the general public, other employees, or to other organizations or businesses without employee authorization.

Laws and regulations vary between states, even when it comes to records retention. Then there are federal laws from agencies such as the Department of Labor and the Internal Revenue Code to manage. That means that every business owner has to understand the laws in their state and as they pertain to their industry.

Employee information storage

Physical files

The rule of thumb, according to several attorneys, is that while there may be no guidance as to where or how far apart files should be kept, every person responsible for employee information should ask themselves, ‘Can anyone other than those with a need to know get to the good stuff?’ If the answer is yes, the situation should be reviewed and changed. Here are some examples about physical files:

Employee records, including tax forms, applications, social security and other identification numbers, and personnel reviews should not be openly accessible.

Some solutions:

  • Keep records in locked file cabinets
  • Keep records in locked cabinets or rooms
  • Keep medical records in one location and other data in another location

Since there are no specific guidelines, some businesses and organizations actually store permanent records in off-site locations under lock and key. Whatever decision you make about confidential employee records, none of the information should be readily accessible to anyone ‘just walking by.’

Electronic files

Special note: When files are stored electronically, it is time to bring in the tech specialists to be sure that proper protections, such as firewalls and backups, are not just in place but continuously protected from hacking and intrusions.

Data and system backups might be scheduled daily in some areas of a business, with complete organizational back-ups on a different schedule, such as weekly, monthly, or even quarterly. This often depends on the business and the size of the business.

If you have been talking with technology security specialists, you know that the recommendation many of them make is to store back-ups offsite. Some suggest services that store your data ‘in the cloud’ while others might suggest physical drives stored in off-site locations that could range from the business owner’s home to safe deposit boxes.

The idea behind most back-up storage is to retain the data in a safe location in case of emergency, destruction, or damage at the primary business location. The important element behind some of those decisions is to be able to recover from any computer network loss, not primarily to keep the data safe and secure from outside eyes. Bear in mind the difference when making decisions about how and where to store confidential employee information.

Payroll outsourcing as an element of your solution

Here at The Payroll Department we routinely help our clients organize and establish their employee records. We know exactly the forms that need to be completed and retained and with our set up process, employee information is quickly and easily managed from beginning of employment to end, and even for issuance of tax data for the final reporting tax year.

While outsourcing payroll to a service like The Payroll Department will not eliminate your need to store employee files, it would allow you to lock up the files in a secure location. Having The Payroll Department process payroll reduces the need for anyone to access the files on a routine basis at your business location.

Everyone is concerned with the security of their personal information today. That’s why it is crucial for business owners to work with professionals who understand the importance of maintaining the security of data. The Payroll Department has been processing payroll for almost three decades. We have seen the changes in data security and retention from well before the technology age came into being and we have changed and developed along the way to keep pace with the laws, regulations, and dangers.

Since we regularly communicate and transmit to state and federal agencies, our systems are compliant and secure within their standards.

Find out how outsourcing your payroll can change your business. It not only simplifies your business life, but reduces the worries, too. Call us at 317-852-2568 to learn more.

-Elaine of The Payroll Department Blog Team

Posted in: Operating a Small Business, Payroll, Rules, Regulations and Laws
