Security for Employees' Personally Identifiable Information

Personally Identifiable Information

Personally identifiable information (PII) is any information that could be used to identify a particular person. Below is a list of the employee data stored in the Payroll module that is considered PII.

  • Name
  • Mailing address
  • Email address
  • Phone number
  • Social Security Number
  • Bank account numbers
  • Bank routing numbers
  • Date of birth

Viewing and Editing PII

PII is encrypted within Sage 100. Social Security, bank account, and bank routing numbers are considered highly sensitive, so extra security precautions are in place to protect that data.

You can view and edit the encrypted information when you're doing the following:

  • Printing reports and forms
  • Viewing and exporting data from lookup windows
  • Working in maintenance and data entry tasks

Your access to the encrypted data is based on your ability to access those features according to the security setup for your assigned role.

Viewing and Editing Highly Sensitive PII

The ability to view and edit Social Security, bank account, and bank routing numbers is based on the "Allow Viewing, Printing and Editing of Highly Sensitive Personally Identifiable Information" security event for the Payroll module in Role Maintenance.

If the security event check box is not selected, Social Security, bank account, and bank routing numbers are masked in Sage 100 windows and on reports and forms.

Visual Integrator

The Visual Integrator module also uses the "Allow Viewing, Printing and Editing of Highly Sensitive Personally Identifiable Information" security event to determine how PII is handled when importing and exporting employee data.

  • If the security event check box is selected, you can import data into the highly sensitive fields for both new and existing records. All encrypted data, including Social Security, bank account, and bank routing numbers, is unmasked when it's exported.
  • If the security event check box is not selected, you can import data into highly sensitive PII fields (those for Social Security Numbers, bank account numbers, and bank routing numbers) for new employee records only. You cannot update those fields for existing records. When exporting, you can export encrypted employee data, but Social Security, bank account, and bank routing numbers will be masked.

    Note If the security event check box is not selected for your role, and you run an import job that includes highly sensitive PII, the job log will show that the records were imported successfully, but the highly sensitive PII fields will not be updated in existing records.

Data File Display and Maintenance

Personally identifiable employee information is not visible in Data File Display and Maintenance.

Report Manager

When you run the Report Manager Menu Wizard to add a report, if you select Payroll from the Module list, you'll have the option to include the PR_EmployeePIIWrk worktable, the PR_ACAEmployeePIIWrk worktable, or both.

The PR_ACAEmployeePIIWrk worktable includes information from the following tables:

  • PR_Employee
  • PR_ACAEmployee
  • PR_ACAEmployeeCoveredInd
  • PR_ACAEmployeeMonthlyDtl
  • PR_EmployeeTaxFilingStatus
  • PR_ACAOfferOfCoverage
  • PR_ACASafeHarbor

 

If you include the worktables, they are populated with unencrypted data when the report is run from the report menu. The "Allow Viewing, Printing and Editing of Highly Sensitive Personally Identifiable Information" security event in Role Maintenance determines whether Social Security numbers, bank account numbers, and bank routing numbers are masked.

If you include the PII worktables, you must link the work tables to the existing report tables and insert the PII data into the report.

Anyone who has rights to run the report will see the PII data. As with the standard reports, the ability to view Social Security numbers, bank account numbers, and bank routing numbers is based on the "Allow Viewing, Printing and Editing of Highly Sensitive Personally Identifiable Information" security event in Role Maintenance.

External Reporting through ODBC

Personally identifiable employee information cannot be accessed via external reporting using an ODBC data source. The encrypted fields will be blank.