PII Best Practices for HR Service Automation

As enterprises continue to automate processes for the Human Resources (HR) organization, additional care must be taken to protect Personally Identifiable Information (PII). Definitions of PII vary, but in general organizations entrusted with PII are held responsible for ensuring its security.     The ServiceNow HR Service Automation Application provides case management capability to enable improved service delivery by HR to employees. These are not payroll or benefits functions but focus on helping employees make requests for information (how do I request tuition reimbursement?), make changes to their information (I moved — can you mail my paycheck to my new address?) or help resolve issues (I can't log in to make my benefits selections).   When implementing an HR Service Automation application, it is a best practice to keep PII data in the HR system of record and not duplicate PII in the ServiceNow platform.   Here are some frequently asked questions about PII:

What is PII?

One major worry is that with PII, a criminal could steal someone's identity.   For most corporations or public institutions, PII is defined as non-public information that can be used to identify a specific individual.   This includes things like a national identification number (social security number in the US) or even just a part of it (like the last 4 digits), a driver's license or state ID number or even a home mailing address.   The industry standard definition of PII and best practices for protecting it is generally considered the National Institute of Science and Technology (NIST) publication 800-122.

What is the worry about PII?

Risk of financial loss. Identity theft is a major concern and damages resulting from identity theft can become a liability for those who are entrusted with it.   In September, 2013 it was discovered that multiple companies holding PII for millions of people were compromised.

Where should PII be kept?

An HR system of record like an HR Information System (HRIS) HR Management System (HRMS) stores the information necessary for an organization to take care of its employees.   These systems are designed to secure this data through implementation of security measures.   The ServiceNow Service Automation Platform is not normally viewed as an HR system of record.

Summary

In short, the ServiceNow platform can help HR organizations improve service delivery by automating processes and allowing employees a consumerized interface to HR, but PII should be kept in a single place - within an organization's HR system of record.