Starter · Part of HR
Employee Private Information
sub-spec 22E
HR-only handling of emergency contacts, home address, personal contact methods, and country-aware national identifiers (SIN, SSN, work permit) — with approval-gated change-request workflow and immutable history.
For the operator
Employees submit private-data changes through a request workflow; HR approves, the system applies — no direct writes to PII tables. Emergency contacts (primary + secondary) live in one form. National identifiers are AES-256 encrypted at rest, masked in the UI, and gated by a separate read permission. Validation rules are tenant-defined per identifier type, so SIN/SSN/work-permit/foreign identifiers all pass the same change-request flow without schema changes.
Business impact
No raw national identifier ever appears in logs or non-HR responses — directly satisfies PIPEDA, CCPA, and most BPO client contracts that require explicit PII handling. Approval-gated mutation creates an immutable history that auditors can replay. Multi-country identifier framework removes the "where do I store this candidate's ID" question for international BPO operations.