Money loss isn’t the only consequence of identity theft. Employers could possibly take a much bigger hit with loss of reputation, diminished employee trust, and maybe even government action - as the Privacy Act 1988 states, because you hold the personal information of all of your employees, you are obligated to protect them from misuse, interference, loss, and any form of unauthorised access.
Before going through the details of securing your payroll, you must first know a few basics about personal information.
What is Personal Information?
You may be thinking that this question is obvious - that personal information relates to your name, address, phone number, school attended, and many other details. However, most people forget that even conversational information is considered personal information and should not be spread without authorisation. This includes their likes or dislikes, as well as their opinions on any subject. A good guideline is that if this piece of information can immediately identify your employee, then it is most likely considered to be personal information.
Who is obligated to protect personal information?
Everyone who holds personal information is obligated to protect it by law. This is not limited to physical possession or ownership of records. For example, if you were to hire a third party to store your data, whether paper or digital, and they have authorisation to access and modify it, then they still fall under the privacy act and must adhere to it.
With that out of the way, we can focus on the steps needed to have a more secure payroll:
Step 1: Determine whether you really need to gather or hold this personal information for your daily payroll
Would you put a child inside a gorilla’s cage or on the front lines of a war? Of course not, because that child has no business being there. Why then would you gather personal information without a valid purpose? You’d be putting that information at unnecessary risk to you and your employees. Identity theft prevention can be as simple as not having that information in the first place.
Step 2: Plan how information should be handled during payroll
Plans and strategies are the best tools for preventing any danger to your company. Payroll managers, employers, and other top positions have the perfect vantage point in terms of seeing how an outsider can access their information. Like looking at a maze with a bird’s-eye view, you see all the possible entry points and weaknesses of your payroll management system. A simple change in strategy can go a long way to protecting your business from identity theft.
Step 3: Conduct a PIA
Also known as Privacy Impact Assessment, these are written reports and reviews of your current security measures. Any activity your company does, especially payroll security, can have an impact on your privacy. This assessment should minimise or even completely eliminate that impact. It’s a constant process of observing your operations for security weaknesses and giving you recommendations on how to better your system. If you would like a full guide on how to conduct IPAs, please check out this helpful guide on the OAIC website.
Step 4: Proper disposal of unneeded information
If you simply dump your records in a bin and call it a day, you may as well have created heaven for identity thieves in your area. No place is safe as they will exploit any means they can to access your personal information. Do not give them this chance by properly disposing of your unneeded or invalid records. If you have a third party handling your records, make sure that they are also properly discarding your data. You can also ask that they return it so that you can dispose of it yourself. You may burn, shred, pulverise, pulp or disintegrate your documents; as long as the data becomes impossible to comprehend, any method is acceptable.
Following these steps will ensure that your payroll security system covers all bases and assures everyone that their personal information is safe from malicious hands. If you want help in protecting your payroll data, then contact or ask us questions here. We at D&V assure all our clients that our payroll procedures have powerful barriers that will not allow any unauthorised access or put your sensitive information at risk.