In this day and age, payroll record-keeping is becoming a high priority for organisations. As an employer, it becomes their responsibility to securely manage sensitive payroll records and employee data, along with securely storing this confidential information.
What are payroll records?
Payroll records are a form of documentation maintained by employers that covers all compensation-related matters for employees within the organisation. This includes their basic wages, number of work hours, statutory deductions, taxes, bonuses and benefits reimbursements.
The onus is on employers to ensure that payroll records are accurate and updated. Accurate payroll records help to facilitate investigations should there be any payroll errors or fraud cases. It also facilitates annual payroll audits by statutory boards to ensure compliance with payroll regulations and legislations.
What type of information is typically captured in payroll records?
Here are some of the basic employee information and salary items that are being captured under an employee’s payroll record:
Name, address, phone number, national identity number
Department within the company
Start date with the company
Pay period (weekly, biweekly, semimonthly, or monthly)
Whether hourly or salaried
Tax contribution or exemption
How long do payroll records have to be kept for within the organisation?
Each country has their own set of payroll regulations in terms of payroll record-keeping. As a rule of thumb, always refer back to the respective country’s government website to stay updated on any changes in employment legislation.
Here is a breakdown of the number of years that payroll records must be kept for the respective countries in Asia:
Australia – 7 years
China – 5 years
Hong Kong – 7 years
India – 3 years
Malaysia – 7 years
Philippines – 5 years
Singapore – 2 years
South Korea – 3 years
Taiwan – 10 years
Thailand – 7 years
Why is it crucial to maintain payroll confidentiality?
There are many reasons why it is crucial to ensure payroll confidentiality.
Prevents identity theft
Payroll records do not simply provide an employee’s compensation records. It may also contain other sensitive employee information such as registered name, personal identification number, and personal address. For this information falls into the wrong hands, this may risk the employee’s personal information being used for illegal purposes.
Prevents jealousy among employees
Compensation may be a sensitive topic for some employees. Imagine the consequences if two employees from the same team at the same internal grade finds out that one is being remunerated more than the other? While employers cannot stop employees from willingly discussing compensation among themselves, it is important to keep employees’ payroll information confidential from employees.
Protect business information
Keeping your payroll records confidential provides you with a competitive edge over your business competitors. It prevents them from “stealing” away your employees and key talent by offering a more competitive compensation package than what your organisation is currently paying.
Ways to maintain payroll records confidentiality
It is imperative to have in place proper payroll record-keeping guidelines and procedures to minimise the risk of payroll data breaches. Here are five do’s to maintain payroll records accurately and securely.
Make use of online storage
If you are like majority of organisations that are trying to move away from storing payroll records in cabinets full of ring files, that’s great! Storing payroll records in cloud-based platforms means that employers do not have to worry about the lack of storage space. Cloud-based platforms also offer employers enhanced data security features and encryption software that allows large databases of payroll records to be stored securely while maintaining easy accessibility.
Limit access to payroll data
Access to payroll information should be limited to designated employees. At the same time, limit the extent of access that each designated user has. For instance, if you have an employee that is responsible for running payroll, ensure that he or she only has access to payroll information that is necessary for payroll processing. If there is another employee that manages that company’s bank accounts for payroll, only grant him or her access to view payroll records without the editing functionality. By limiting and granting the appropriate access to the people that have access to payroll records, this minimises the risk of unauthorised access to confidential payroll information.
Create strong passwords
Creating a strong password limits the chances of unauthorised access to payroll data. A good password will include a combination of uppercase and lowercase letters, symbols and numbers. Ensure that only authorised employees have access to these passwords. Avoid using a password that is easy to guess such as your company name or personal name. Similarly, create different passwords for each corporate account and payroll systems.
Change passwords regularly
If the employee that was responsible for managing payroll has resigned, do change the passwords for all the accounts that the particular employee has access to. This prevents the resigned employee from accessing confidential payroll data after they leave the organisation. Even if employees that are handling payroll do not resign from the organisation, it is a good practice to change your passwords regularly such as every three or four months. This makes it more difficult to guess the passwords.
Destroy old records securely
If there is a need to destroy old payroll records, ensure that they are done securely to avoid any misuse of confidential information. Payroll records, no matter how backdated they may be, may still contain sensitive information. Using a document shredder is a good and quick way to destroy hardcopies of historical payroll information securely.