We live in a world where our private information isn't very
private. We voluntarily disburse a lot of information about ourselves
into myriad portals of the internet, and anything we don't
willingly surrender is probably gathered without our knowledge through
more circuitous means. I don't bring this up for
paranoia's sake, but to reaffirm that as the amount and type
of data that is collected increases exponentially
, so too does the need
for security and protocols around those who can access that information.
The workplace is no exception. More data about workers is collected and
aggregated than ever before, which leaves HR professionals with
decisions to make about who should be able to see that data; everything
from your title, to your performance rating, to your marital status and
other demographic information. This has led to a number of companies
handling this issue in a variety of ways.
In a recent call among i4cp members, several companies shared their
policies and philosophies on handling the issue of who can see what,
Some of the solutions included letting HR groups only see the
information for the unit they support (e.g. sales). Another company
allowed HR to see anyone's information on request, with the
exception that they could not see anyone's information from
HR. One company allowed complete access to all departments for anyone
within HR. This surprised us, so we naturally had to ask them if they
had encountered any issues with this open-minded policy. They reported
In general, it seemed that most companies tried to restrict access
based on need, with the understanding that there would be occasions
when intra-departmental or more secure employee data would need to be
accessed. In those instances, they made sure that permission was
required and that records of the access were logged.
Judging from the high turnout and the amount of participation in the
discussion, this is obviously an important issue to many of our
members. It's also an issue that doesn't seem to
have a one-size-fits-all strategy across companies yet.
If you feel you have a unique policy, or one that you've
found works particularly well, we would like to hear from you. Comment
below, just don't give up any confidential employee data!