Let’s talk about privacy for addresses and contacts

I’ve been working with a company lately who were at risk of falling foul of GDPR, because the partner they were previously working with hadn’t properly secured their workers’ address and contact info during the data migration phase. We fixed it for them, but it was fiddly, and cost a few quid in hours spent tidying up. It would have been much better if their partner had known about the importance of ‘private locations’ when they first migrated the data.

What am I talking about? Well, there are a number of different places in Talent where, if you’re not careful, you can expose address and contact info to users who don’t have legitimate access rights to that data. It’s not a bug, the system is working as designed, and as a Microsoft partner, we’re very familiar with this situation and work with our customers to make sure it’s avoided. Increasingly though, companies are having a crack at implementing Talent themselves, and in doing so without knowing the ins and outs and potential pitfalls, they can leave themselves open to risks like this.

What are the places to look out for?

As a member of the HR team, when I hover over a worker’s name in a list, I’m presented with a card that looks like this:

What you’re seeing here under telephone and email is the primary contact of each type that’s been entered against the worker. Fine if that’s their business contact, but not so fine if it’s their personal phone number or email address and they haven’t given permission for it to be shared to all and sundry.

In addition, if you’ve launched self service, and you’ve left the Company Directory available, your workforce can also check out each other’s contacts – it looks like this. It will literally show everything under contacts to the whole world if you’re not aware of how to avoid that happening:


However – there’s one last place. It’s not obvious. And it generates the biggest risk of all.

I’m not going to publish where to find it as that feels pretty irresponsible, but there is a way to surface the primary phone, email, and address entered against every person in your database.

What you’re seeing here is the primary data entered against the person record. So that’s the primary phone and email (even if the purpose isn’t set to ‘business’) and the primary address. Not the office address like the worker card, but the primary address. And this applies to all ‘people’ in the database – not just workers. In short, this is a data protection nightmare, and you need to know how to avoid it.

So what’s the way round it?

That ‘private’ flag that’s available under advanced options whenever you enter an address or an email or a phone number. Or an address for a personal contact like a beneficiary or emergency contact. You might think it doesn’t do much in a Talent world where you’ve only got HR users in the back end, but it’s just as critical here as it is in Finance and Operations. If you set that private flag, you protect that record from any user who doesn’t have one of the user roles that have been set up to view private data.  Your average user with an Employee role won’t be able to go digging and potentially find the home address of the manager who passed them over for promotion, or the attractive individual in the next team who keeps politely turning them down when asked out on a date…

There’s a tab under ‘global address book parameters’ (Organisation Administration > Global Address Book > Global Address Book parameters) called ‘Private location security’. Here you can set which user roles within your Talent environment should be able to see private addresses, emails and phones. Usually you’d want your internal HR roles added here. What you definitely wouldn’t want added is your standard end users like Employee and Manager – or worse, System User (which is the role assigned by default to everyone with a user account).

So when you’re loading your data, take the time to make sure you’re setting that private flag on your worker’s personal info. You’ll thank yourself for it later.

On a related note, I’d strongly recommend pushing out a personalisation to the employee self service pages where these details are added, to make that private flag more prominent. In the standard solution the private flag is tucked away under ‘advanced options’, and there’s a big risk that your users won’t appreciate the importance of it. Make it as visible as possible by pulling it into the grid view, and then train your users what it means when you launch self service:

If you’re working with a partner to deploy Talent, ask them about that private flag. If they tell you it doesn’t really matter in Talent because only HR users have access to it anyway, run for the hills. Or better still, drop me a line.

2 thoughts on “Let’s talk about privacy for addresses and contacts”

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.