Legal-Payroll.pdf

8/11/2019 Legal-Payroll.pdf

1/6

WWW.IOMA.COM/PAYISSUE 06-09 SEPTEMBER 2006

CONTINUED ON PAGE 11

CONTINUED ON PAGE 6

IN THIS ISSUE

EXCLUSIVE PMRSURVEYWhat Payroll ManagersAre Benchmarkingand Why..................1

EMPLOYEE DATAPROTECTION

Is Your Staff Risking theSecurity of EmployeeData?......................1

LEAVE DONATIONIRS Offers Guidanceon Employee Leave-Sharing Plans...........1

Legal News Briefs.....2

LEADERSHIPWhats Keeping YouFrom Being the Leader

Your Payroll Dept.Needs?....................3

MOVING EXPENSESRelocation Expenses:Taxable Wagesor Not?....................5

PMRCalendar........12

Technology NewsBriefs.....................13

Strategic Planningin the PayrollDepartment ...........15

CONTINUED ON PAGE 8

EXCLUSIVE PMRSURVEY

What Payroll Managers AreBenchmarkingand Why

Anecdotal comments from payroll professionals interviewed by PMR suggest

that although these individuals feel theyshouldbe benchmarking their pay-roll processesmany dont. Why?Often cited reasons include: Our system

isnt equipped to collect such data or Cant get my boss to see the value in

it [investing of time]. Such thinking, however, is completely out of line with

todays payroll best practices.

Those who completed PMRs2006 Payroll Benchmarking Survey say bench-

marking forced them to think about departmental efficiency, costs, and service

EMPLOYEE DATA PROTECTION

Is Your Staff Riskingthe Security ofEmployee Data?

A recent year-to-date audit by

Palisade Systems Inc. of data theft

cases recorded by the Privacy Rights

Clearinghouse shows that employees

represent the largest and costliest

threat to organizations that store,send, or access consumers person-

ally identifiable information such

as Social Security numbers, bank

account numbers, health-care re-

cords, etc.

Between June 21, 2005, and May

31, 2006, privacyrights.org recorded

LEAVE DONATION

IRS Offers Guidanceon Employee Leave-Sharing Plans

By Marjorie Griffing, J.D.

When disasters strikehurricanes

in the South or forest fires in the

Westmany employers

look for ways to help theiremployees affected by

these natural catastrophes.

While helping employees in

a time of need is a laudable

goal, due consideration

needs to be given to the

tax consequences of this

generosity.

This Month in Payroll

Sept. 1, 7, 8, 13, 15, 20, 22, 27, 29:For semiweekly depositors, deposit SocialSecurity, Medicare, and withheld incometaxes.

Sept. 4:Labor Daylegal holiday.

Sept. 4-8:National Payroll Week.

Sept. 15: If monthly depositor, depositSocial Security, Medicare, and withheldincome tax for payments in August.

Sept. 16: FPC/CPP certification examperiod begins.


2/6

8 www.ioma.com SEPTEMBER 2006

PAYROLL MANAGER S REPORT

6%

94%

12%

88%

11%

89%100%

33%

67%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Up to 200 200 to 500 500 to 1000 1000 to 2000 2000 and more

NoYes

Figure 2. Do You Benchmark Payroll Processes?

By Number of Employees

Number of Employees

0-12-3

4-67 or more

3%92%

85%

63%

7%8% 15%

38%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

NoYes

Figure 3. Do You Benchmark Payroll Processes?By Payroll Department Staff

Number of FTEs in Payroll Department

average payroll department in our survey

is staffed with 5.1 full-time equivalent

employees (FTEs) and operates on an aver-

age annual budget of $655,572 (median

$191,300). Noted process metrics culled in

our preliminary compilations indicate, on

average, that respondents take:

l6.4 days from receipt of garnishment

order to withhold in the payroll system

(median five days).

l3.7 days from the new-hire date to

entry of employee into the payroll system

(median1.7 days).

l6 days from employee termination to

removal from payroll system (median five

days).

l1.8 days to resolve payroll error (me-

dian one day).

l 1.7 days to resolve payroll-related

employee inquiries.

Benchmark to inform your opera-

tional decisions.In order to set goals for

your staff productivity, determine whether

the department is bending too far back-

ward to accommodate customer requests

(and hence, whether you need to redefine

excellent customer service), and to what

extent costs can be reduced. Benchmark-

ing your payroll processes will give you the

answersquantitatively, no less. o

Employee Data ProtectionCONTINUED FROM PAGE 1

126 data breaches, 83 of which were caused

by trusted sources like the employees and

consultants who had authorization to access

sensitive data on their employer or custom-ers. This analysis confirms that employee

data is at risk from external and internal

culprits.

How to protect sensitive employee

data from insiders.While this data analy-

sis illustrates that the vast majority (83%) of

internal breaches are accidental, prudence

dictates that organizations take measures to

prevent even accidental breaches (see Table

1). Remember, your employees, vendors,and consultants arent restricted by the

same security hoops as external hackers.

Best advice: Take a defensive posture

with employee background screenings and

an offensive position with systems.

Conduct background checks. If you

dont currently do this, perhaps its time


3/6

www.ioma.com 9SEPTEMBER 2006


to consider employee background screen-

ingespecially if you plan to hire temps to

help with the hectic year-end. Here are a few

tips from Barry Nadell, author ofSleuthing

101: Background Checks and the Law and

president of InfoLink Screening Services Inc.,

a national background screening company

(www.infolinkscreening.com):

lAdvise all applicants that your company

performs background checks, and obtains

their authorization in advance.

lWrite a background-screening policy

and distributes it to all employees. In your

policy, list the required searches for each

job positions, inferring that promotions

are based on a satisfactory response fromthe background check. It is important that

employees know that you may perform post-

hire searches. Once your policy is complete,

distribute forms to all employees and ask

for their signatures in advance.

l Insist that your temporary employ-

ment agency perform criminal background

checks, and get a copy of the background

screening report prior to hiring any temp.

As you are a party in interest, make surethe disclosure form authorizes you to a copy

of every report.

l Require vendors and independent

contractors who come onto your premises

to carry out criminal background checks on

their employees. This requirement costs you

nothing and protects your employees. Insist

that your vendor/independent contractor

sign off that each criminal background

check was completed and reviewed beforethey send a representative to your location;

require audit rights.

Use content monitoring software.The

audit concludes that none of the organiza-

tions that discovered unauthorized use or

access of sensitive data deployed content

monitoring and blocking technology ca-

pable of stopping sensitive data before its

sent outside the network. While updated

policies and procedures help enforce the

protection and use of sensitive data, tech-

nology will still play a critical role when

these policies and procedures fail to stop

an employee or consultant that maliciously

wants to send sensitive data to an unau-

thorized source outside the organization,

observes Palisades.

Content monitoring and filtering tech-

nology provides employers with the means

to not only control how their employees

communicate, but to also see what sensitive

data their employees are accessing and try-

ing to send outside the network. For more

information on this technology, visit www.

palisadesys.com.

How payroll can protect employee

information from outsiders. IOMAs

Employee Privacy Survey, which had 192

responding organizations, indicates that

the leading methods companies are using

to keep employee data confidential are the

easiest to institute: limiting the number of

personnel who have access to the sensitive

data (97.4%) and using manual steps, such

as locking files cabinets and offices (96.9%;

see Table 2).

Only half of the responding organiza-

tions have a formal, written protection policy

covering employee data that is given to all

staff handling sensitive information. This

is another basic step that not only protects

the data but can also help to demonstrate

that the organization was trying to protect

Table 1. Internal Security Breaches

All Breaches Number PercentMalicious 9 10.8%Accidental 69 83.1Undertermined 5 6.0(Source: www.privacyrights.org/ar/ChronDataBreaches.htm)


4/6

10 www.ioma.com SEPTEMBER 2006


employee data if there is a security breach

and someone sues.

Encrypting data onsite (33.3%) and for

transmission between offices or locations

(21.9%) were less popular choices for pro-

tecting employee data. However, these canstill provide stronger protection, since a

lost laptop or other mishaps cant become

a privacy information calamity if a thief is

unable to read and misuse the informa-

tion.

The ubiquitous Social Security num-

ber. Respondents discussed actions they

were taking to improve or enhance security.

Simple steps included removing SSNs from

pay stubs and employment applicationsto full-fledged programs involving HR,

information services and security. Getting

SSNs off your employment information is a

good idea, even if you arent operating in

a state that forbids the use of the numbers

for nongovernmental purposes.

We immediately removed the SSN

from the employment application, noted

the VP of HR at a vocational rehabilitation

organization with 350 full-time equivalentemployees. (For recommendations from

the California Office of Privacy Protections

on the use and display of SSNs, see the

accompanying sidebar.)

Others are taking a broad approach,

seeing employee information privacy as

part of a larger effort to secure data and

other records of the organization. Wehave removed the use of the SSN in many

of our internal and external processes ex-

cept where we have to provide the data.

Processes are in place to screen for and, if

necessary, report on any breaches. [This]

provides employees and members with

peace of mind that their personal informa-

tion is kept secure, writes a compensation

analyst at a 24,000-employee financial

services firm.

Overall, tightening of all information

security not only protects data, respondents

maintain, it makes employees happy to

know the organization is looking out for

their information.

Sarbanes-Oxley compliance has en-

hanced the security policies and procedures

in place. Maintaining the highest level of

security of employee information is im-

portant to the company from not only acompliance standpoint, but for the good of

the employees, as well, noted an employee

Table 2. How Companies Protect Employee Information, By Number of Employees

Number of Employees351 More Than

Overall 1 to 350 to 1,000 1,000

Limit number of HR/other personnel with access to data 97.4% 97.0% 96.9% 100.0%Manual protections (such as locked file cabinets and offices) 96.9 99.0 100.0 94.6

Integrated software applications include protections for transfer of 56.8 53.0 53.1 73.0 information between HR, payroll, finance, etc.The organization has a formal, written data protection policy that 50.0 40.0 50.0 78.4 applies to HR data, and this policy is given to all staff handling

sensitive informationEncrypted computer data on site 33.3 28.0 21.9 45.9Encrypted backup data by third party administrator or vendor 31.3 23.0 37.5 40.5Encrypted data for transmission between offices/locations 21.9 14.0 25.0 37.8Other 8.3 8.0 12.5 8.1

(Source: IOMAsEmployee Privacy Survey)


5/6

www.ioma.com 11SEPTEMBER 2006


Recommended Practices for

Protecting Social Security Numbers

Excerpts from The Recommended Practices forProtecting the Confidentiality of Social SecurityNumbers, California Department of ConsumerAffairs, Office of Privacy Protections. To view thecomplete document, go to www.privacy.ca.gov/recommendations/ssnrecommendations.pdf:

lReduce the collection of SSNs.Collect SSNspreferably only where required to do so by federal orstate law.

lInform individuals when you request theirSSN.Whenever you collect SSNs as required by law,inform the individuals of the purpose of the collecting,the intended use, whether the law requires thenumber to be provided or not, and the consequencesof not providing the number.

lEliminate the public display of SSNs.Donot put SSNs on documents that are widely seenby others, such as ID cards, badges, time cards,employee rosters, bulletin board postings, and othermaterials.

lControl access to SSNs.Use logs or electronic

audit trails to monitor employees access to recordswith SSNs.

lProtect SSNs with security safeguards.Develop written policies for protecting theconfidentiality of SSNs. For example, do not leavevoicemail messages containing SSNs.

lMake your organization accountable forprotecting SSNs.Provide written material andannual training for employeesnew, temporary, andcontracton their responsibilities in handling SSNs.

benefits consultant for a 915-employee

manufacturer.

Making payroll data stewards.Not-

withstanding a few shady workers, most

employees simply make errors in judg-

mentalbeit it with major implications suchas losing a laptop containing sensitive em-

ployee information. Continuous education

on the topic is working for one organization:

Constant management education about

systems, how to handle information, why

it is important to treat things confidentially,

and so forth is crucial, said the HR manager

for a 12,000-employee government office.

Even those with a need to know need to

be routinely reminded that the information

they see is not story telling material.

Get involved.In November 2005, the

American Payroll Association created theData Privacy and Security subcommittee of

its Government Affairs Task Force. Twice a

month, the subcommittee holds conference

calls featuring subject matter experts and

an open forum for information exchange

among its members. For more information

about joining the subcommittee, email

William Dunn (dunnw@americanpayroll.

org) or Carla R. Gracen (Carla.r.gracen@

ceridian.org). o

Leave DonationCONTINUED FROM PAGE 1

The IRS recently released Notice 2006-

59, which illustrates key factors that employ-

ers should consider to ensure that any aid

donated to employees isnt diminished by

unexpected tax burdens. Specifically, this

notice provides guidance on the federal

tax consequences of certain leave-sharing

plans that permit employees to deposit leave

in an employer-sponsored bank for use by

other employees who have been adversely

affected by a major disaster.

Will the employees good deed go

untaxed?In the wake of disasters, some

employees have offered to allow other

affected employees to use leave to cover

salaries while dealing with the disaster.

Against the backdrop of the general rules

of what is wages and income to the em-

ployee (see the accompanying sidebar), the

tax consequences of such an offer could

prevent this act of generosity from having

its intended consequences.

How?Without specific guidance, the per-

son donating the leave could have the value

of that leave included in his or her gross


6/6

Legal-Payroll.pdf

Documents

Transcript of Legal-Payroll.pdf