HR & Payroll Risk
SCENARIO
Payroll Information Is Shared by Mistake
THE SCENARIO
During a routine management meeting conducted over video call, a manager shares their screen to present a report. The spreadsheet they open contains a full salary schedule for the department - including salary amounts, leave balances and banking details for every employee in the team. Several people on the call were not supposed to see this information. By the time the manager realises the mistake, everyone has already seen it.
1. How This Typically Happens
Payroll information is often stored in the same general shared environment as other business documents. Salary spreadsheets live in shared drives, travel in email threads, and are accessed by more people than necessary - often without anyone intending for this to happen. When someone prepares for a meeting quickly, they may not realise which files are open or visible until it is too late.
2. Why Businesses Often Miss the Warning Signs
Most businesses do not regularly review who has access to payroll documents. Access is typically granted once - when someone joins the HR or finance team - and rarely reviewed after that. Because nothing appears to go wrong day-to-day, the risk of accidental exposure is not visible until an incident occurs.
Staff dissatisfaction and interpersonal conflict arising from salary comparisons within the team
Loss of employee trust in HR and management confidentiality
POPIA obligations triggered by the exposure of personal financial information
Potential formal HR grievances from affected employees
Management time required to address the internal fallout
4. Questions Management Should Ask
Do you know exactly which employees currently have access to payroll files and salary spreadsheets?
Are payroll documents stored separately from general business files, with access restricted to specific individuals?
Have payroll access permissions been reviewed in the past six months?
Do staff who handle payroll information understand what constitutes appropriate handling and what does not?
5. Practical Steps to Improve Visibility
1. Move payroll documents to a restricted folder or storage location with access limited to specifically named individuals
2. Ask your IT support or system administrator to list everyone who can currently open payroll-related files - you may be surprised by the result
3. Brief HR and finance staff on payroll confidentiality: what it means in practice, including screen sharing, email attachments and printed documents
4. Remove payroll documents from any shared drive or folder that is accessible to all staff or to people outside the finance and HR function
Could This Scenario Happen In Your Business?
ComplyBar helps businesses find and understand hidden information risks before something goes wrong.
Built for POPIA support, AI governance, data leak prevention, employee risk awareness and audit evidence.