Network - Winter 2010 - (Page 25)
Private Property Payroll professionals need to know privacy laws because of their access to sensitive data Payroll professionals, whether working in-house for an employer or for an outsourced payroll provider, handle sensitive information as part of their jobs. They often have access to information on salaries, bank account numbers, addresses and other tidbits that appear in an employee’s file. However, not all of this information is necessary for payroll to have, so it’s important to know the limits of privacy policies and legislation to avoid getting into hot water for mishandling personal information. Payroll professionals must determine the difference between what they have a right to know, as someone with access, and what they need to know to do their job, says Ian Turnbull, executive director of the Canadian Privacy Institute and managing director of Toronto-based consulting firm Laird & Greer. Payroll professionals deal with information that is of interest to the government for tax purposes and to the employer for payment purposes. Sometimes, especially in smaller companies that share entire employee files, they can have access to more. But the main things payroll needs to know about employees are whether a person is employed by the company and how she is being paid, says Turnbull. Little else is needed, unless the employee is being paid on the basis of time or type of job being performed — then time cards or records of duties are necessary. Addresses aren’t really necessary, unless something is being mailed that can’t be given to the employee at work, he says. What privacy legislation applies? The federal Personal Information Protection and Electronic Documents Act (PIPEDA) governs privacy in all jurisdictions except British Columbia, Alberta and Quebec, which have separate privacy legislation. Interprovincial transactions fall under the federal scope, even if an employer is located in one of those three provinces. There can be confusion among employers and employees about how much personal information actually is protected, what obligations employers have in handling it and the consequences of failing to protect it. If an employee provides the employer with information specific to the individual, it’s generally accepted she is giving consent for the employer to use it for the reasons it’s being collected, such as payroll or other HR purposes, says Turnbull. “Generally speaking, everyone accepts the federal definition of personal information,” he says. “The primary issue is consent.” Consequences of a breach Privacy laws don’t necessarily have a lot of teeth when it comes to punitive measures for failing to protect employee NETWORK Winter 2009
Table of Contents for the Digital Edition of Network - Winter 2010
Network - Winter 2010
HRIA President’s Message
HRIA’s 2010 Board of Directors
Celebrating Excellence Awards
Recognizing Excellence in HR
Misconduct in the Blogosphere
Social Networking: What is Private and What is Professional?
Monitoring Online Behaviour of Employees
Privacy Legislation Impacts Talent-Management Programs, Too!
Breaching Privacy More Than a Legal Concern
Drug and Alcohol Testing: A Divided Nation?
Personal Information Protection Act
Index of Advertisers
Network - Winter 2010