Although it is generally recognized that the automation of personnel records improves efficiency and provides valuable information for management, the accessibility of centrally stored machine-readable data also increases the risk of unwarranted disclosure of identifiable individual records or other information prohibited under the Privacy Act.
In 1973, an ad hoc committee, the Information Control Group, was appointed. The committee consisted of representatives of the CSU, Public Employees' Retirement System, the SCO and the State Personnel Board. The committee chair was a faculty member, Dr. Charles Clark, from California State University, Los Angeles. The committee was responsible for developing policies and procedures regarding the security of data and control of access to the PIMS database. The policies and procedures developed by that group, although amended by subsequent legislation, remain in place today. The guidelines are based on two considerations:
The physical safety of the system hardware, either in the computer center itself or at remote locations, and the integrity and safety of the data files to protect against deliberate or accidental destruction or modification.
Data is provided by the system to a user only after satisfactory proof of identity and need to know have been furnished to the system. Thus, mechanisms are incorporated within the computer system to control access to stored personnel/payroll data on the basis of the user's identity and the authorization or need to know.
The guidelines that have been developed by the Information Control Group assure a high level of confidentiality for personal records while providing enough flexibility to meet the purposes for which the system was established.
Today, security for PIMS is administered through the State Controller’s Office, Information Security Office (SCO, ISO).