I just realized I had not posted in a while....
Let's talk a little about protecting secure data. Best practice dictates that if you need the access to perform your job, then you should have access. I suppose where it gets tricky is there are those who think they need access, but they really don't.
I work for an organization where many employees have tenure well over 10 years. In fact, I have a direct report with 25 years of tenure. We hear a lot of "that's how we've always done it." In the past, everyone shared and loved each other (professionally speaking) and many departments gave access to data to pretty much anyone who asked for it.
Times have changed.... While there is still a friendly atmosphere, best practices have evolved, as well as our internal processes and controls.
It's a tough sell to an internal business partner when you cut off their access. Fits. Rage. Angry words. Yes, I got all of it. I've outlined a new process, one with fewer steps and more control, and was still cursed at. I tried my hardest to firmly and politely state that just because you send the Payroll department information does not mean you get full Payroll database access. And why would you? "Because we've always had access." That's a poor argument. My reply, "What access do you really need?" No answer.
So, this post is really just me griping about my internal discussion. You get the access you NEED, not the access you WANT. It's that simple.
Here's a great article that Chron posted on Payroll confidentiality:
http://smallbusiness.chron.com/confidentiality-payroll-information-40356.html