9 Min Read

How to maintain data privacy in PeopleSoft HCM

By Biv
June 28, 2019

Data privacy manage the proper handling of an individual’s sensitive and personal information. A large number of companies face the challenge of utilizing employee and applicant data while protecting a person’s privacy and personally identifiable information.

Data Integrity

PeopleSoft uses ‘Keys’ on database tables to link Employee data throughout the system. Keys are Unique and No Duplicates are allowed i.e. multiple employees cannot have the same Key value.

 

In PeopleSoft, PII/PCI data fields are not Keys e.g. SSN is unique in the US, but an employee in another country could also have the same ID Number. SSN is therefore stored in the database as National_ID and can have duplicate values.

 

To maintain data integrity, Keys should never be masked. The following are examples of PeopleSoft Keys:

  • User Profiles - OPRID 
  • Employee Data – EMPLID 
  • Organization – SETID, DEPT_ID, BUSINESS_UNIT

 

Note - Updating PII/PCI fields will not affect system integrity but will remove the ability to use masked fields to identify employees.

 

Primary PII & PCI Data 

The following fields are not Keys and are linked in PeopleSoft by EMPLID.

  • Name: full name, maiden name, mother’s maiden name, or alias
  • Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number
  • Personal address information: street address, or email address
  • Personal telephone numbers
  • Personal characteristics: photographic images 
  • Fingerprints, signatures
  • Biometric data: retina scans, voice signatures, or facial geometry
  • Information identifying personally owned property: VIN number or title number

 

Secondary PII & PCI Data

Fields that require a Primary Data field.

  • IP, MAC addresses that consistently link to a particular person
  • Date of birth, Place of birth
  • Business telephone number, mailing or email address
  • Race
  • Religion
  • Geographical indicators
  • Employment information
  • Medical information
  • Education information
  • Financial information

PeopleSoft has delivered features that comply with data privacy laws and allows you to:

  • Mask or hide personal data
  • Remove employee and applicant personal details
  • Obtain employee acknowledgment and consent
  • Identify sensitive and personable identifiable information

Data Masking in PeopleSoft HCM

Manager can employ the Installation Table to personal data masking. Choose “HCM Options” within the Installation Table. For personal and sensitive information shared by employees, it’s essential that the data is accessed by only authorized administrators such as HR administrators or HR service representatives.

PeopleSoft human capital management (HCM) provides role-levels protection for administrator components and make sure that only allowed users can access. To protect sensitive data, you can hide sensitive fields, for example, an employee’s national ID, date of birth (DOB), bank details, drivers license number, and passport number. To allow data masking, choose the “Enable Masking” checkbox on the Installation Table and tap to “Save" option.

For allowing data masking at the component and field group level, explore for “Set Up Component Level Masking.” For users without approved roles, the system hides the sensitive fields and masks the associated fields. For instance, you can pick to mask an employee’s driver's license numbers. You can allow full or incomplete masking. When HR representatives with insufficient security access review new hire assignments for the newly hired employee, they can confirm the appearance of a driver's license number, but the amount will be partially hidden.

Deleting Data in PeopleSoft HCM

It is also an essential part of data privacy laws. To delete employee data for a new hire, you move to "Applicant ID Delete page." Under this page, explore for your new hire. The right to be neglected entitles an employee or applicant to compel the company to erase his/her personal information. If an applicant requests to have his information deleted, the administrator chooses the applicant to be removed and runs the Applicant Delete process.

If an employee decided to try another opportunity and asked that all of his personal information be forgotten, to approve this request, the administrator must move to the "Person ID Delete page." After that, find for the employee. The administrator can eliminate specific tables from deletion.

Well, it is essential for organizations to maintain high-level or data privacy for their employees and applicants. PeopleSoft HCM offers you the various capabilities to assist customers in managing data privacy. For more details, stay in touch with Sentinel Software. We help you to maintain complete data privacy in PeopleSoft HCM.