Best practices for securing sensitive data in performance management reports

We’re rolling out performance management analytics and our compliance team has raised concerns about sensitive data exposure in reports. Specifically, they want to ensure that managers can only see performance data for their direct reports and that compensation-related fields are masked appropriately.

I know OTBI has row-level security capabilities and BI Publisher has some data masking options, but I’m looking for practical guidance on implementing these controls effectively. What are the proven approaches for securing performance data in reports while still providing useful analytics to managers?

Also wondering about the balance between security and usability - we don’t want to lock things down so tightly that the reports become useless, but we also can’t have managers accessing performance data outside their hierarchy.

One approach we use is creating manager-only access controls through a combination of OTBI subject area security and custom dashboards. Each manager role gets a dashboard filtered to their hierarchy automatically. The key is setting up the security profiles correctly so the filtering happens at the database level, not just in the UI.

Don’t forget about OTBI’s data security policies for conditional access. You can set up policies that grant different levels of visibility based on role. For example, managers see ratings and goals but not salary data, while compensation analysts see everything. The policies are role-based so maintenance is easier than user-by-user grants.

For compensation fields, you should create separate subject area views that exclude sensitive columns or use data security policies to conditionally mask values. We have one version of performance reports for managers (no compensation) and another for HR leadership (full data). This way you’re not trying to mask dynamically which can be complex.

Consider implementing data masking in BI Publisher for scheduled reports. You can use conditional formatting to replace sensitive values with asterisks or aggregated ranges. For example, instead of showing exact salary increases, show them as percentage ranges (0-3%, 3-5%, etc.). This preserves analytical value while protecting individual data.

Row-level security is essential for performance reports. Make sure you’re using the Manager hierarchy security profile to automatically filter data based on reporting relationships. This is built into HCM Cloud and works well with OTBI subject areas.

I’ve implemented performance analytics security for several large organizations, and there’s a comprehensive approach that balances protection with usability. Let me break down the best practices across the key security dimensions.

OTBI Row-Level Security Implementation: The foundation is properly configured data security policies that leverage HCM’s built-in security profiles. For performance management, you want to create policies that:

1. Use the Line Manager security profile to automatically restrict data to a manager’s reporting hierarchy
2. Apply to all Performance Management subject areas (Performance Goals, Performance Reviews, Talent Profile)
3. Include both direct reports and matrix reporting relationships if your organization uses them
4. Set appropriate policy priority so manager-level restrictions apply before broader role-based grants

The advantage of row-level security at the subject area level is that it’s enforced before data even reaches the report, making it impossible for users to manipulate filters to see unauthorized data. This happens automatically in OTBI once the policies are configured.

Data Masking in Reports: For sensitive fields like compensation data, ratings, or succession planning status, implement conditional masking based on user role:

• Managers: Show performance ratings and goal completion but mask salary data, bonus amounts, and succession readiness scores
• HR Business Partners: Show all performance data including compensation for their assigned business units
• Compensation Team: Full visibility to compensation fields but potentially limited access to detailed performance notes
• Executives: Aggregated views only - no individual employee drill-down

In OTBI, you can create multiple subject area views with different column sets for each role. In BI Publisher, use conditional formatting logic in your templates to mask or transform sensitive values based on the user’s role parameter.

Manager-Only Access Controls: For manager self-service analytics, implement these controls:

1. Create dedicated manager dashboards that use the Manager hierarchy security automatically
2. Restrict subject area access so managers can only open dashboards, not create ad-hoc analyses
3. Use dashboard prompts that default to “My Team” and prevent managers from selecting other organizations
4. Implement audit logging for all performance report access so you can monitor for inappropriate access attempts

The key is making the security transparent to users - managers should see their team’s data without having to apply filters manually, and they shouldn’t even see options to access data outside their scope.

Practical Balance Between Security and Usability: The biggest challenge is avoiding over-restriction that makes reports useless. Here’s what works:

• Aggregate where possible: Instead of hiding all compensation data, show it in ranges or percentiles. Managers can see “Your team’s average rating is 3.2 vs. company average of 3.0” without seeing individual salaries.
• Contextual access: Grant broader access in specific contexts. For example, during calibration sessions, managers might temporarily see peer team data for comparison purposes.
• Progressive disclosure: Start with summary metrics and require additional authentication or approval to drill into individual employee details.
• Clear messaging: When data is masked, show a message explaining why and who to contact for access. Don’t just show blank fields.

Implementation Checklist: For your performance analytics rollout:

1. Map your security requirements to roles: Document exactly what each role should see
2. Configure data security policies for each Performance Management subject area
3. Test with actual user accounts (not admin accounts) to verify restrictions work
4. Create role-specific dashboard versions rather than trying to make one dashboard work for everyone
5. Implement audit logging and review access patterns monthly
6. Document the security model so future report developers understand the constraints
7. Train report users on what data they can access and why certain fields are restricted

This approach gives you strong security controls while keeping reports functional for managers. The key is designing security into the analytics architecture from the start rather than trying to retrofit it later.