We have our payroll software to be installed on our file server. This contains all the details of current and past employees. The data contained in the payroll software includes tax, bank, NI number, address, DOB, start and end date ect. What's the best method to secure the data so only 2 employees have access to it? We are in the uk and we want to protect ourselves by law. Any advice welcome. Ive included some tech details below:
The databases are located on the a windows 2008 sbs server and the client application is installed on a windows 7 64bit workstaion.
The databases are not encrypted and are of an old bespoke system. In order to read the database you will need the development suit.
The application requires a password to enter the system
This sounds like it might be the problem. In order to restrict access to the data, you will need personal user accounts for each user, and only grant access to the sensitive data to those 2 individuals.