If you are in charge of your company’s payroll information, I’ll be you’ve asked yourself this question: “How can we prevent unauthorized people from seeing our employees’ Social Security Numbers?”
Here’s what you don’t want unauthorized people seeing:
This is an important issue, and fortunately, one with an easy solution as far as QuickBooks is concerned.
First, a technical note. Social Security Numbers have special encryption within your QuickBooks data file. Intuit added this a few versions back, and it’s a good thing.
But of course, it’s possible to see those numbers in QuickBooks if you have the correct permissions. And setting those permissions is the key to preventing unauthorized people from getting access to sensitive information like Social Security Numbers.
You can address this issue in any version of QuickBooks.
If you use QuickBooks Pro or Premier
When logged in as Admin, simply click on Company / Set Up Users and Passwords / Set Up Users… / Edit User… (these menu names may be a little different depending on the version of QuickBooks you use).
Move through the pages to the “Payroll and Employees” page. Select “No Access”, then click Finish. That’s it.
Repeat this process for all of your QuickBooks users for whom Social Security Number access is not necessary for their job.
When any of those users access the Employee Center and try to click on Edit Employee, where the SSN may be viewed, they will see this:
Likewise, if anyone tries to access employee/payroll reports, they will be locked out.
If you use QuickBooks Enterprise
In Enterprise, you have much more flexibility in allowing or restricting access to accounting information, so the process to restrict SSN access is a little bit different. In Enterprise, you define access roles, and then each user is assigned a role. So what you’ll want to do is make sure that all the roles have appropriate access to sensitive information like Social Security Numbers.
When you are logged in as Admin, click on Company / Users / Set Up Users and Roles, then click the Role List tab. When you set up a new role, make sure that Centers / Employee Center has an Activity Access Level of None. Or, if you want them to be able to see the main Employee Center screen but not payroll info (including SSN), then click Partial, but with View Payroll Info unchecked, as per below:
You should check out your existing roles to confirm the access being given. Go through them one by one and confirm that the employee/payroll access is turned off for roles that don’t need it. Those restrictions will automatically be applied to all the users to whom those roles have been assigned. When you create new roles, make sure that you turn off access to employee/payroll areas if the new role doesn’t need access to it.
If a user has a role that has no access to Employee Center, then they will not be able to get into the Employee Center screen. If you allowed access to the Employee Center but did not give access to View Payroll Info, then they can access the Center, but if they click Edit Employee, they will get a permissions error message and not be allowed to see the SSN or other employee detail.
There are permissions in Enterprise roles pertaining to employee and payroll reports as well, and you can modify those according the the needs of your users.
BONUS: You might check your paper files to make sure that employee SSNs aren’t sitting around in a filing cabinet somewhere. You might also make sure that SSN’s aren’t in any of your unprotected Excel files.
DOUBLE BONUS: Use strong passwords for your Admin user and any users that are set up with payroll access privileges. Don’t have your passwords on sticky notes on your computer monitor! Don’t put your passwords in a file folder that everyone has access to! If you make it easy for your fellow employees to access your passwords, you are making it easy for them to access all kinds of sensitive accounting information.
Do you have concerns about sensitive identity information in the workplace? What actions do you recommend?