HRIS Issues

Today, we will be talking about issues of
HRIS: integration; data integrity, security
and privacy (CHAPTER 16)

 Mainly experienced in HRIS design and
implementation phases
 HR Payroll Integration
 Example: fully integrated app
http://www.empower-hr.com/
Integration Issues

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human
Resource Information Systems: Basics, Applications, and Future
Directions, 2e © 2012 SAGE Publications, Inc.
Confidential information
 A great deal of confidential information about
employees is captured and stored by organizations
 Employee personal details
 Pay and benefits history
 Medical records
 Disciplinary records
 Data is stored electronically and transmitted across
networks.
 Increasing integration of HRIS has made information
security management a complex and challenging
undertaking
4

Information Security in HRIS
 Protecting information in the HRIS from
unauthorized
 Access, use, disclosure, disruption, modification, and
destruction
 Objectives of information security
 Protect confidentiality, integrity and availability of
information (Pfleeger, 2006; Wong, 2006b).
5

COMPONENTS OF
INFORMATION SECURITY
 Three main principles of information security
 Confidentiality
 Integrity
 Availability
 The HRIS is composed of three components
 Hardware
 Software
 Communications
 As mechanisms of protection
 Physical
 Personal
 Organizational levels
6

SOURCE: Wikipedia (2007)
COMPONENTS OF INFORMATION SECURITY
Figure 16.1
7

LEGAL REQUIREMENTS FOR INFORMATION
TECHNOLOGY
 The European Union Data Protection Directive (EUDPD)
 Requires that all EU members must adopt national regulations to
standardize the protection of data privacy for citizens throughout
the European Union.
 Singapore
 http://www.aar.com.au/pubs/asia/foasia24oct11.htm#Intro
8

 OECD/APEC
https://www.privacyenforcement.net/public/activities
Transborder data transfer

 Multinational employer
 New idea – centralised database for HR related data
 Business case template check-box:
 “Meets HR Data Privacy Requirements”
 Could not be marked because of lack of relevant
documentation
 Project denied
 Data transfer privacy requirements
 Risk associated with non-compliance
 (Gracen 2008, p.38)
HR Data Privacy and Project Metrics

THREATS TO INFORMATION SECURITY
 Human errors in data entry & handling
 Damage by employee
 Disgruntled & ill-informed employees: critical role of HR
 Misuse of computer systems:
 Unauthorized access to or use of information
 Computer-based fraud
 Viruses, worms & trojans: cyber terrorism
 Hackers
 Natural disasters
11

BEST PRACTICES IN HR INFORMATION SECURITY
 Adopt A comprehensive privacy policy
 Store sensitive personal data in secure computer systems
and provide encryption
 Dispose of documents properly or restore computer drives
and cd-roms
 Build document destruction capabilities into the office
infrastructure
 Conduct regular security practice training
 Conduct privacy “walk-throughs”
(Canavan, 2003; David, 2002; Tansley & Watson, 2000)
12

ADDITIONAL BEST PRACTICES IN HR
 The careful selection of staff with regard to their honesty and
integrity
 Raise information security awareness and ensure employees
understand corporate security policies
 Institute measures to address the personal problems of staff,
such as gambling and drug addictions, which might lead them
indulge in abuse for financial gains
 Provide access to effective grievance procedures since the
motivation for much computer abuse is retaliation against
management
Kovach, Hughes, Fagan, and Maggitti (2002)
Grundy, Collier, and Spaul (1994)
13

MANAGEMENT FOR HRIS
 ISO/IEC 27002
 Administrative/Procedural
 Logical/Technical
 Physical Controls
14

INFORMATION PRIVACY
 Comprises ethical, moral, and legal dimensions and has
assumed greater importance with the increased adoption of
the internet and Web 2.0.
 Privacy is A human value consisting of four elements (Kovach
& Tansey, 2000):
 Solitude: the right to be alone without disturbances
 Anonymity: the rights to have no public personal identity
 Intimacy: the right not to be monitored
 Reserve: the right to control one’s personal information including the
methods of dissemination of that information.
15

CONTROLLING ACCESS TO HR DATA
 Administrative controls
 Logical (technical) controls
 Physical controls
 Security classification for information
 Access control
 Cryptography
 Defense in depth
16

INFORMATION PRIVACY AND HRIS
 Concerns
 Types of employee information that can be collected and stored in
the system
 Who can access and update the information (Noe et al., 1994; Sadri &
Chatterjee, 2003)
 Considerations
 Collect and store information based on sound and valid business
reasons (Hubbard Et Al., 1998)
 Collect only information which is necessary, lawful, current, and
accurate (Camardella, 2003)
17

HRIS SECURITY BEST PRACTICES
1. Train users on how to securely use and handle the
equipment, data, and software.
2. Train employees to “log off” personal computers after they
are through using them.
3. Do not allow passwords to be shared. Change passwords
frequently.
4. Run software through a virus-detection program before
using it on the system.
5. Ensure that backup copies, data files, software, and
printouts are used only by authorized users.
(Noe et al., 1994; Pfleeger, 2006)
18

HRIS SECURITY BEST PRACTICES
1. Make backup copies of data files and programs.
2. Ensure that all software and mainframe applications
include an audit trail (a record of the changes and
transactions that occur in a system, including when and
who performed the changes).
3. Use edit controls (such as passwords) to limit employees'
access to data files and data fields.
4. Employees take responsibility for updating their
employee records themselves via the self-service system.
(Noe et al., 1994; Pfleeger, 2006)
19

 Effectiveness and efficiency depends on integrity and
accuracy of data
DATA INTEGRITY

 HR data management issues
 Siloed systems
 Inaccurate or outdated information
 Inefficient means of data sharing and transmission
 Resulting in
 Delays in decision making
 Missed opportunities
 Preventing movement to strategic role
 Costs millions of dollars each year
HR Data Availability, Quality and
Integrity (Sopoci & Keebler 2005)

 Government reporting requirements
 Basic organisational efficiency
 Credibility of HR function
 Costs
Business critical issues (Sopoci & Keebler 2005)

 Automation
 Fragmented systems
 Mix of manual and automated systems and processes
 Manual override
 Bad data
 Outdated data
Why data becomes bad (Sopoci & Keebler 2005)

 Best opportunity to fix data
 Identify information needed
 Don’t assume paper based data is accurate – check
 Data audits
Conversions (Sopoci & Keebler 2005)

 Develop an overall HR technology strategy
 Master system into which all HR data is entered and
resides (e.g. SAP HCM)
Keeping it clean (Sopoci & Keebler 2005)

 Data integrity results in efficiency, effectiveness and
strategic opportunities.
 Protecting the privacy concerns of individuals requires
a combination of law, processes, procedures and
technology.
 Organisations must ensure:
 Collection, maintenance, use and dissemination of personal
information is necessary, lawful, current, and accurate
 Maintenance of high ethical standards
(Wong & Thite 2009, p.404)
Conclusion

 Over the past 3 years, Monster.com has had breaches in
security.
 In your discussion groups search for information about this
security breach
 Prepare a short presentation on this and include some
analysis of the data integrity implications.
Web based exercise

HRIS Issues

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a HRIS Issues

Semelhante a HRIS Issues (20)

Mais de Thu Nandi Nwe

Mais de Thu Nandi Nwe (9)

Último

Último (20)

HRIS Issues