Protect Sensitive Personal Information in SAP HR

  • by Greg Robinette, Systems Engineer, Huntington Ingalls Industries–Newport News Shipbuilding
  • July 15, 2006
The SAP HR system often inadvertently exposes sensitive information. Follow this procedure to keep employees’ personal information such as Social Security numbers and other unique identifiers out of the wrong hands.
Key Concept

The key data that you must protect from exposure is known as personal identifying information (PII). This consists of an individual’s name, address, unique identifying number (such as a Social Security number or its international equivalent), and date of birth. This is familiar data to anyone who has ever had a job, applied for a loan, or participated in any health care activity. Over the past few years, the general public has begun to understand the intrinsic value of PII data. The increase in fraud is a less desirable consequence of the tremendous advances in collecting and processing data to provide enhanced value.

Recent stories in the news highlight the rise of identity theft and the increase in the number of data breaches at organizations around the globe. This correlation of events in the eyes of the public and legislative bodies has given rise to new laws and regulations that affect core HR data. The majority of the legislation relates primarily to the US. However, other areas (most notably the Asian and Pacific regions) are examining actions related to protecting personal data.

SAP HR professionals face the challenge of limiting the exposure of personal identifying information (PII) data within their own organization. New laws will soon require that organizations only useindividuals’ Social Security numbers (SSNs) for payroll and a few other narrowly defined purposes. Several US states no longer use the SSN as a key for personnel identification for non-payroll information. IBM is one of the most visible and significant examples of the trend in securing SSNs with its mandate that all benefits providers use some other unique identifier.

Greg Robinette

Greg Robinette is currently a Level 5 Systems Engineer at Huntington Ingalls–Newport News Shipbuilding. His primary focus is on the SAP systems and supporting the delivery of HR, Payroll, and Environmental, Health, and Safety business value. He is an active member of the Newport News Shipbuilding Information Technology Change Agent Network and provides support as needed to the Systems Engineering Community. Previously, Greg was an independent SAP HR/HCM, SAP Security and Privacy Technology consultant with over 15 years’ experience in SAP HCM, SAP security, HRIS, and privacy consulting. He is certified as an information security manager (CISM) by ISACA, as a Project Management Professional (PMP) by the Project Management Institute, as a Scrum Master (CSM) by the SCRUM Alliance, and as an SAP HR/HCM consultant by SAP.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.