Remote working demands a rethink about HR and payroll data

Working from home

Right across the UK, HR and payroll departments are facing intense pressures generated by the coronavirus lockdown.

Most are doing an admirable job, despite the unparalleled scale of the difficulties. Some 47 per cent of the UK workforce now works from home, which is placing huge burdens on HR and payroll staff who are likely to be operating from spare bedroom offices themselves. Employees still need to be paid, expect fast access to personal and company data and want rapid responses to questions, which may involve highly confidential health information. All this is data that has to be processed and protected without affecting business continuity.

Lesley Holmes, Data Protection Officer at MHR explains that as the crisis continues, however, concerns are also emerging about how we protect this data and maintain confidentiality. Employees working remotely are exchanging and handling sensitive HR and employment information on a massive scale. The recent concerns around the privacy of video conferencing applications, along with a spate of email-led cyber frauds has only added to what are justifiable concerns about employee data-protection in the Covid-19 era.

It is a challenge that has focused the attention of the ICO (Information Commissioner’s Office) which administers the UK’s data protection laws. While the ICO has promised to be pragmatic during the crisis, its guidance emphasises the duty to safeguard data, especially in relation to home working.

It means organisations must review their policies and procedures and ensure all staff receive necessary training and guidance on both data protection and information security when working remotely. The ICO is particularly concerned about data being handled sloppily on employees’ own devices or stored on USB sticks – a concern that HR and payroll should heed.

To head off the potential for breaches, HR and payroll departments need to reassess their data flows, spot potential gaps or points of weakness in procedures and then take action to plug them. All organisations should be sure they can meet the 30-day requirement for responding to employee’s data requests, for example. A successful class action for a more significant breach of GDPR rules about employee data during lockdown will also be very costly, remember.

When it comes to administering payroll, a surprising number of firms have made it harder for themselves (more than half of large businesses in one survey) by relying on spreadsheets or paper timesheets. To reduce the risk of these records falling into the wrong hands, they should be scanned and sent electronically, even if they have to go to the home of a payroll administrator, which is not ideal. It’s in employees’ homes that poor procedures could jeopardise data security. Payroll and HR employees working from home must be rigorous. Nobody else in the household, for example, should have access to any employee data.

There are other basic steps that all HR and payroll departments should follow. Where, for instance, companies are using HR and payroll systems that allow remote internet access, back-office and HR employees should try to use company laptops or desktops. This is because they are more likely to have better cyber protection against malware and viruses that can potentially open up an entire system to hackers.

Problems are more acute for companies that have not switched to cloud-based HR and payroll platforms. A cloud-based platform, built by providers with expertise in the field, is designed for secure remote access and will have data-security at its core. The advantages are even greater in lockdown if the platform is also employee-facing and includes social media-type features that generate greater communication between teams, individuals and managers.

The benefits are manifold. Targeted communication is not only much easier, it is much more secure, allowing for the safe transfer of documents and files as well as easier conversations between employees, HR and payroll. Anytime, anywhere access means there is much greater flexibility and a high level of self-service in accessing information, but without compromising data integrity. If HR teams ­­­are under pressure to answer a stream of queries about health or family concerns, then mistakes with data are all too easy. They can be overwhelmed. They need a purpose-designed channel of communication to handle questions about everything from furlough, to reduced earnings, new work patterns, deferred bonuses, promotions and so on. This is what a platform solution provides, with some offering chatbots designed to operate in compliance with data regulation.

A cloud platform will also take care of security patching and detailed updates that ensure the software is constantly aligned with changes in legislation. GDPR compliance will be in-built, freeing employees to get on with their jobs, while protecting against costly infringements. Any potential mistakes will be quickly flagged up.

Organisations are right to be concerned about HR and payroll data. Transparency and trust are essential at any time, but especially in a crisis. Employees expect efficiency and quick answers, but they must also have faith in how their information is handled. Achieving this without a platform that has cloud-access and integrates HR and payroll with social media functionality is going to be difficult.

Coronavirus has forced upon us the most substantial change in working practices for decades, but it may also provide the best opportunity to rethink how we collect and use data for payroll and HR