hris issues

Dr Shah Miah HRIS Issues

Upload: thu-nandi-nwe

Post on 19-Jul-2015


Dr Shah Miah

HRIS Issues

Today, we will be talking about issues of HRIS: integration; data integrity, security and privacy (CHAPTER 16)

Mainly experienced in HRIS design and implementation phases

HR Payroll Integration

Example: fully integrated app http://www.empower-hr.com/

Integration Issues

Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc.

Confidential information

A great deal of confidential information about employees is captured and stored by organizations:

Employee personal details

Pay and benefits history

Medical records

Disciplinary records

Data is stored electronically and transmitted across networks.

Increasing integration of HRIS has made information security management a complex and challenging undertaking


Information Security in HRIS

Protecting information in the HRIS from unauthorized access, use, disclosure, disruption, modification, and destruction

Objectives of information security

Protect confidentiality, integrity and availability of information (Pfleeger, 2006; Wong, 2006b).


COMPONENTS OF INFORMATION SECURITY

Three main principles of information security:

Confidentiality

Integrity

Availability

The HRIS is composed of three components:

Hardware

Software

Communications

As mechanisms of protection:

Physical

Personal

Organizational levels


Figure 16.1: Components of information security (SOURCE: Wikipedia, 2007)


LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY

The European Union Data Protection Directive (EUDPD)

Requires that all EU members must adopt national regulations to standardize the protection of data privacy for citizens throughout the European Union.

Singapore http://www.aar.com.au/pubs/asia/foasia24oct11.htm#Intro


OECD/APEC

https://www.privacyenforcement.net/public/activities

Transborder data transfer

Multinational employer

New idea – centralised database for HR related data

Business case template check-box: “Meets HR Data Privacy Requirements”

Could not be marked because of lack of relevant documentation

Project denied

Data transfer privacy requirements

Risk associated with non-compliance

(Gracen 2008, p.38)

HR Data Privacy and Project Metrics


THREATS TO INFORMATION SECURITY

Human errors in data entry & handling

Damage by employee

Disgruntled & ill-informed employees: critical role of HR

Misuse of computer systems:

Unauthorized access to or use of information

Computer-based fraud

Viruses, worms & trojans: cyber terrorism

Hackers

Natural disasters


BEST PRACTICES IN HR INFORMATION SECURITY

Adopt a comprehensive privacy policy

Store sensitive personal data in secure computer systems and provide encryption

Dispose of documents properly or restore computer drives and CD-ROMs

Build document destruction capabilities into the office infrastructure

Conduct regular security practice training

Conduct privacy “walk-throughs” (Canavan, 2003; David, 2002; Tansley & Watson, 2000)


ADDITIONAL BEST PRACTICES IN HR INFORMATION SECURITY

The careful selection of staff with regard to their honesty and integrity

Raise information security awareness and ensure employees understand corporate security policies

Institute measures to address the personal problems of staff, such as gambling and drug addictions, which might lead them to indulge in abuse for financial gain

Provide access to effective grievance procedures since the motivation for much computer abuse is retaliation against management

(Kovach, Hughes, Fagan, and Maggitti, 2002; Grundy, Collier, and Spaul, 1994)


INFORMATION SECURITY MANAGEMENT FOR HRIS

ISO/IEC 27002

Administrative/Procedural

Logical/Technical

Physical Controls


INFORMATION PRIVACY

Comprises ethical, moral, and legal dimensions and has assumed greater importance with the increased adoption of the internet and Web 2.0.

Privacy is a human value consisting of four elements (Kovach & Tansey, 2000):

Solitude: the right to be alone without disturbances

Anonymity: the right to have no public personal identity

Intimacy: the right not to be monitored

Reserve: the right to control one’s personal information including the methods of dissemination of that information.


CONTROLLING ACCESS TO HR DATA

Administrative controls

Logical (technical) controls

Physical controls

Security classification for information

Access control

Cryptography

Defense in depth


INFORMATION PRIVACY AND HRIS

Concerns

Types of employee information that can be collected and stored in the system

Who can access and update the information (Noe et al., 1994; Sadri & Chatterjee, 2003)

Considerations

Collect and store information based on sound and valid business reasons (Hubbard et al., 1998)

Collect only information which is necessary, lawful, current, and accurate (Camardella, 2003)


HRIS SECURITY BEST PRACTICES

1. Train users on how to securely use and handle the equipment, data, and software.

2. Train employees to “log off” personal computers after they are through using them.

3. Do not allow passwords to be shared. Change passwords frequently.

4. Run software through a virus-detection program before using it on the system.

5. Ensure that backup copies, data files, software, and printouts are used only by authorized users.

(Noe et al., 1994; Pfleeger, 2006)


HRIS SECURITY BEST PRACTICES

1. Make backup copies of data files and programs.

2. Ensure that all software and mainframe applications include an audit trail (a record of the changes and transactions that occur in a system, including when and who performed the changes).

3. Use edit controls (such as passwords) to limit employees' access to data files and data fields.

4. Employees take responsibility for updating their employee records themselves via the self-service system.

(Noe et al., 1994; Pfleeger, 2006)
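
An added example (not from the lecture or the textbook) showing items 2 to 4 above working together: field-level edit controls on a self-service HR record, with an audit trail that records when and who attempted each change. The roles, field names and sample records are assumptions constructed for illustration, and the caller is assumed to be already authenticated.

```python
from datetime import datetime, timezone

# Assumed field-level edit policy: role -> fields that role may change.
EDITABLE_FIELDS = {
    "employee": {"home_address", "phone", "emergency_contact"},  # self-service
    "hr_admin": {"home_address", "phone", "emergency_contact", "salary", "job_title"},
}

class HRRecords:
    def __init__(self, records):
        self.records = records      # employee_id -> {field: value}
        self.audit_trail = []       # append-only list of change events

    def _log(self, actor, target, field, old, new, allowed):
        # Audit entry: when the change was attempted, who attempted it, what changed.
        self.audit_trail.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "who": actor, "record": target, "field": field,
            "old": old, "new": new, "allowed": allowed,
        })

    def update(self, actor, role, target, field, value):
        """Apply one field change if policy allows it; audit every attempt."""
        old = self.records[target].get(field)
        allowed = field in EDITABLE_FIELDS.get(role, set())
        # Self-service users may only touch their own record.
        if role == "employee" and actor != target:
            allowed = False
        self._log(actor, target, field, old, value, allowed)
        if allowed:
            self.records[target][field] = value
        return allowed

def demo():
    # Constructed sample data, not taken from any real system.
    db = HRRecords({"e100": {"phone": "555-0100", "salary": 50000},
                    "e200": {"phone": "555-0200", "salary": 62000}})
    results = [
        db.update("e100", "employee", "e100", "phone", "555-0111"),  # own record
        db.update("e100", "employee", "e100", "salary", 90000),      # restricted field
        db.update("e100", "employee", "e200", "phone", "555-0999"),  # another's record
        db.update("a001", "hr_admin", "e200", "salary", 64000),      # authorised change
    ]
    return db, results

if __name__ == "__main__":
    db, results = demo()
    for event in db.audit_trail:
        print(event)
```

Denied attempts are logged as well as successful ones, so the trail also shows who tried to change a field they were not permitted to edit.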


Effectiveness and efficiency depend on integrity and accuracy of data

DATA INTEGRITY

HR data management issues:

Siloed systems

Inaccurate or outdated information

Inefficient means of data sharing and transmission

Resulting in:

Delays in decision making

Missed opportunities

Preventing movement to strategic role

Costs millions of dollars each year

HR Data Availability, Quality and Integrity (Sopoci & Keebler 2005)

Government reporting requirements

Basic organisational efficiency

Credibility of HR function

Costs

Business critical issues (Sopoci & Keebler 2005)

Automation

Fragmented systems

Mix of manual and automated systems and processes

Manual override

Bad data

Outdated data

Why data becomes bad (Sopoci & Keebler 2005)

Best opportunity to fix data

Identify information needed

Don’t assume paper based data is accurate – check

Data audits

Conversions (Sopoci & Keebler 2005)

Develop an overall HR technology strategy

Master system into which all HR data is entered and resides (e.g. SAP HCM)

Keeping it clean (Sopoci & Keebler 2005)

Data integrity results in efficiency, effectiveness and strategic opportunities.

Protecting the privacy concerns of individuals requires a combination of law, processes, procedures and technology.

Organisations must ensure:

Collection, maintenance, use and dissemination of personal information is necessary, lawful, current, and accurate

Maintenance of high ethical standards (Wong & Thite 2009, p.404)

Conclusion

Over the past 3 years, Monster.com has had breaches in security.

In your discussion groups search for information about this security breach

Prepare a short presentation on this and include some analysis of the data integrity implications.

Web based exercise