Post on 02-Jun-2018
8/11/2019 Legal-Payroll.pdf
1/6
WWW.IOMA.COM/PAYISSUE 06-09 SEPTEMBER 2006
CONTINUED ON PAGE 11
CONTINUED ON PAGE 6
IN THIS ISSUE
EXCLUSIVE PMRSURVEYWhat Payroll ManagersAre Benchmarkingand Why..................1
EMPLOYEE DATAPROTECTION
Is Your Staff Risking theSecurity of EmployeeData?......................1
LEAVE DONATIONIRS Offers Guidanceon Employee Leave-Sharing Plans...........1
Legal News Briefs.....2
LEADERSHIPWhats Keeping YouFrom Being the Leader
Your Payroll Dept.Needs?....................3
MOVING EXPENSESRelocation Expenses:Taxable Wagesor Not?....................5
PMRCalendar........12
Technology NewsBriefs.....................13
Strategic Planningin the PayrollDepartment ...........15
CONTINUED ON PAGE 8
EXCLUSIVE PMRSURVEY
What Payroll Managers AreBenchmarkingand Why
Anecdotal comments from payroll professionals interviewed by PMR suggest
that although these individuals feel theyshouldbe benchmarking their pay-roll processesmany dont. Why?Often cited reasons include: Our system
isnt equipped to collect such data or Cant get my boss to see the value in
it [investing of time]. Such thinking, however, is completely out of line with
todays payroll best practices.
Those who completed PMRs2006 Payroll Benchmarking Survey say bench-
marking forced them to think about departmental efficiency, costs, and service
EMPLOYEE DATA PROTECTION
Is Your Staff Riskingthe Security ofEmployee Data?
A recent year-to-date audit by
Palisade Systems Inc. of data theft
cases recorded by the Privacy Rights
Clearinghouse shows that employees
represent the largest and costliest
threat to organizations that store,send, or access consumers person-
ally identifiable information such
as Social Security numbers, bank
account numbers, health-care re-
cords, etc.
Between June 21, 2005, and May
31, 2006, privacyrights.org recorded
LEAVE DONATION
IRS Offers Guidanceon Employee Leave-Sharing Plans
By Marjorie Griffing, J.D.
When disasters strikehurricanes
in the South or forest fires in the
Westmany employers
look for ways to help theiremployees affected by
these natural catastrophes.
While helping employees in
a time of need is a laudable
goal, due consideration
needs to be given to the
tax consequences of this
generosity.
This Month in Payroll
Sept. 1, 7, 8, 13, 15, 20, 22, 27, 29:For semiweekly depositors, deposit SocialSecurity, Medicare, and withheld incometaxes.
Sept. 4:Labor Daylegal holiday.
Sept. 4-8:National Payroll Week.
Sept. 15: If monthly depositor, depositSocial Security, Medicare, and withheldincome tax for payments in August.
Sept. 16: FPC/CPP certification examperiod begins.
8/11/2019 Legal-Payroll.pdf
2/6
8 www.ioma.com SEPTEMBER 2006
PAYROLL MANAGER S REPORT
6%
94%
12%
88%
11%
89%100%
33%
67%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Up to 200 200 to 500 500 to 1000 1000 to 2000 2000 and more
NoYes
Figure 2. Do You Benchmark Payroll Processes?
By Number of Employees
Number of Employees
0-12-3
4-67 or more
3%92%
85%
63%
7%8% 15%
38%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
NoYes
Figure 3. Do You Benchmark Payroll Processes?By Payroll Department Staff
Number of FTEs in Payroll Department
average payroll department in our survey
is staffed with 5.1 full-time equivalent
employees (FTEs) and operates on an aver-
age annual budget of $655,572 (median
$191,300). Noted process metrics culled in
our preliminary compilations indicate, on
average, that respondents take:
l6.4 days from receipt of garnishment
order to withhold in the payroll system
(median five days).
l3.7 days from the new-hire date to
entry of employee into the payroll system
(median1.7 days).
l6 days from employee termination to
removal from payroll system (median five
days).
l1.8 days to resolve payroll error (me-
dian one day).
l 1.7 days to resolve payroll-related
employee inquiries.
Benchmark to inform your opera-
tional decisions.In order to set goals for
your staff productivity, determine whether
the department is bending too far back-
ward to accommodate customer requests
(and hence, whether you need to redefine
excellent customer service), and to what
extent costs can be reduced. Benchmark-
ing your payroll processes will give you the
answersquantitatively, no less. o
Employee Data ProtectionCONTINUED FROM PAGE 1
126 data breaches, 83 of which were caused
by trusted sources like the employees and
consultants who had authorization to access
sensitive data on their employer or custom-ers. This analysis confirms that employee
data is at risk from external and internal
culprits.
How to protect sensitive employee
data from insiders.While this data analy-
sis illustrates that the vast majority (83%) of
internal breaches are accidental, prudence
dictates that organizations take measures to
prevent even accidental breaches (see Table
1). Remember, your employees, vendors,and consultants arent restricted by the
same security hoops as external hackers.
Best advice: Take a defensive posture
with employee background screenings and
an offensive position with systems.
Conduct background checks. If you
dont currently do this, perhaps its time
8/11/2019 Legal-Payroll.pdf
3/6
www.ioma.com 9SEPTEMBER 2006
PAYROLL MANAGER S REPORT
to consider employee background screen-
ingespecially if you plan to hire temps to
help with the hectic year-end. Here are a few
tips from Barry Nadell, author ofSleuthing
101: Background Checks and the Law and
president of InfoLink Screening Services Inc.,
a national background screening company
(www.infolinkscreening.com):
lAdvise all applicants that your company
performs background checks, and obtains
their authorization in advance.
lWrite a background-screening policy
and distributes it to all employees. In your
policy, list the required searches for each
job positions, inferring that promotions
are based on a satisfactory response fromthe background check. It is important that
employees know that you may perform post-
hire searches. Once your policy is complete,
distribute forms to all employees and ask
for their signatures in advance.
l Insist that your temporary employ-
ment agency perform criminal background
checks, and get a copy of the background
screening report prior to hiring any temp.
As you are a party in interest, make surethe disclosure form authorizes you to a copy
of every report.
l Require vendors and independent
contractors who come onto your premises
to carry out criminal background checks on
their employees. This requirement costs you
nothing and protects your employees. Insist
that your vendor/independent contractor
sign off that each criminal background
check was completed and reviewed beforethey send a representative to your location;
require audit rights.
Use content monitoring software.The
audit concludes that none of the organiza-
tions that discovered unauthorized use or
access of sensitive data deployed content
monitoring and blocking technology ca-
pable of stopping sensitive data before its
sent outside the network. While updated
policies and procedures help enforce the
protection and use of sensitive data, tech-
nology will still play a critical role when
these policies and procedures fail to stop
an employee or consultant that maliciously
wants to send sensitive data to an unau-
thorized source outside the organization,
observes Palisades.
Content monitoring and filtering tech-
nology provides employers with the means
to not only control how their employees
communicate, but to also see what sensitive
data their employees are accessing and try-
ing to send outside the network. For more
information on this technology, visit www.
palisadesys.com.
How payroll can protect employee
information from outsiders. IOMAs
Employee Privacy Survey, which had 192
responding organizations, indicates that
the leading methods companies are using
to keep employee data confidential are the
easiest to institute: limiting the number of
personnel who have access to the sensitive
data (97.4%) and using manual steps, such
as locking files cabinets and offices (96.9%;
see Table 2).
Only half of the responding organiza-
tions have a formal, written protection policy
covering employee data that is given to all
staff handling sensitive information. This
is another basic step that not only protects
the data but can also help to demonstrate
that the organization was trying to protect
Table 1. Internal Security Breaches
All Breaches Number PercentMalicious 9 10.8%Accidental 69 83.1Undertermined 5 6.0(Source: www.privacyrights.org/ar/ChronDataBreaches.htm)
8/11/2019 Legal-Payroll.pdf
4/6
10 www.ioma.com SEPTEMBER 2006
PAYROLL MANAGER S REPORT
employee data if there is a security breach
and someone sues.
Encrypting data onsite (33.3%) and for
transmission between offices or locations
(21.9%) were less popular choices for pro-
tecting employee data. However, these canstill provide stronger protection, since a
lost laptop or other mishaps cant become
a privacy information calamity if a thief is
unable to read and misuse the informa-
tion.
The ubiquitous Social Security num-
ber. Respondents discussed actions they
were taking to improve or enhance security.
Simple steps included removing SSNs from
pay stubs and employment applicationsto full-fledged programs involving HR,
information services and security. Getting
SSNs off your employment information is a
good idea, even if you arent operating in
a state that forbids the use of the numbers
for nongovernmental purposes.
We immediately removed the SSN
from the employment application, noted
the VP of HR at a vocational rehabilitation
organization with 350 full-time equivalentemployees. (For recommendations from
the California Office of Privacy Protections
on the use and display of SSNs, see the
accompanying sidebar.)
Others are taking a broad approach,
seeing employee information privacy as
part of a larger effort to secure data and
other records of the organization. Wehave removed the use of the SSN in many
of our internal and external processes ex-
cept where we have to provide the data.
Processes are in place to screen for and, if
necessary, report on any breaches. [This]
provides employees and members with
peace of mind that their personal informa-
tion is kept secure, writes a compensation
analyst at a 24,000-employee financial
services firm.
Overall, tightening of all information
security not only protects data, respondents
maintain, it makes employees happy to
know the organization is looking out for
their information.
Sarbanes-Oxley compliance has en-
hanced the security policies and procedures
in place. Maintaining the highest level of
security of employee information is im-
portant to the company from not only acompliance standpoint, but for the good of
the employees, as well, noted an employee
Table 2. How Companies Protect Employee Information, By Number of Employees
Number of Employees351 More Than
Overall 1 to 350 to 1,000 1,000
Limit number of HR/other personnel with access to data 97.4% 97.0% 96.9% 100.0%Manual protections (such as locked file cabinets and offices) 96.9 99.0 100.0 94.6
Integrated software applications include protections for transfer of 56.8 53.0 53.1 73.0 information between HR, payroll, finance, etc.The organization has a formal, written data protection policy that 50.0 40.0 50.0 78.4 applies to HR data, and this policy is given to all staff handling
sensitive informationEncrypted computer data on site 33.3 28.0 21.9 45.9Encrypted backup data by third party administrator or vendor 31.3 23.0 37.5 40.5Encrypted data for transmission between offices/locations 21.9 14.0 25.0 37.8Other 8.3 8.0 12.5 8.1
(Source: IOMAsEmployee Privacy Survey)
8/11/2019 Legal-Payroll.pdf
5/6
www.ioma.com 11SEPTEMBER 2006
PAYROLL MANAGER S REPORT
Recommended Practices for
Protecting Social Security Numbers
Excerpts from The Recommended Practices forProtecting the Confidentiality of Social SecurityNumbers, California Department of ConsumerAffairs, Office of Privacy Protections. To view thecomplete document, go to www.privacy.ca.gov/recommendations/ssnrecommendations.pdf:
lReduce the collection of SSNs.Collect SSNspreferably only where required to do so by federal orstate law.
lInform individuals when you request theirSSN.Whenever you collect SSNs as required by law,inform the individuals of the purpose of the collecting,the intended use, whether the law requires thenumber to be provided or not, and the consequencesof not providing the number.
lEliminate the public display of SSNs.Donot put SSNs on documents that are widely seenby others, such as ID cards, badges, time cards,employee rosters, bulletin board postings, and othermaterials.
lControl access to SSNs.Use logs or electronic
audit trails to monitor employees access to recordswith SSNs.
lProtect SSNs with security safeguards.Develop written policies for protecting theconfidentiality of SSNs. For example, do not leavevoicemail messages containing SSNs.
lMake your organization accountable forprotecting SSNs.Provide written material andannual training for employeesnew, temporary, andcontracton their responsibilities in handling SSNs.
benefits consultant for a 915-employee
manufacturer.
Making payroll data stewards.Not-
withstanding a few shady workers, most
employees simply make errors in judg-
mentalbeit it with major implications suchas losing a laptop containing sensitive em-
ployee information. Continuous education
on the topic is working for one organization:
Constant management education about
systems, how to handle information, why
it is important to treat things confidentially,
and so forth is crucial, said the HR manager
for a 12,000-employee government office.
Even those with a need to know need to
be routinely reminded that the information
they see is not story telling material.
Get involved.In November 2005, the
American Payroll Association created theData Privacy and Security subcommittee of
its Government Affairs Task Force. Twice a
month, the subcommittee holds conference
calls featuring subject matter experts and
an open forum for information exchange
among its members. For more information
about joining the subcommittee, email
William Dunn (dunnw@americanpayroll.
org) or Carla R. Gracen (Carla.r.gracen@
ceridian.org). o
Leave DonationCONTINUED FROM PAGE 1
The IRS recently released Notice 2006-
59, which illustrates key factors that employ-
ers should consider to ensure that any aid
donated to employees isnt diminished by
unexpected tax burdens. Specifically, this
notice provides guidance on the federal
tax consequences of certain leave-sharing
plans that permit employees to deposit leave
in an employer-sponsored bank for use by
other employees who have been adversely
affected by a major disaster.
Will the employees good deed go
untaxed?In the wake of disasters, some
employees have offered to allow other
affected employees to use leave to cover
salaries while dealing with the disaster.
Against the backdrop of the general rules
of what is wages and income to the em-
ployee (see the accompanying sidebar), the
tax consequences of such an offer could
prevent this act of generosity from having
its intended consequences.
How?Without specific guidance, the per-
son donating the leave could have the value
of that leave included in his or her gross
8/11/2019 Legal-Payroll.pdf
6/6