DATA PRIVACY IN BUSINESS INTELLIGENCE SYSTEMS: ENSURING COMPLIANCE IN HRIS AND ENTERPRISE PLATFORMS
DOI: https://doi.org/10.63125/527rnx08
Keywords: Data privacy, Business intelligence, HRIS, GDPR compliance, Data governance, RBAC/ABAC, Row-level Security
Abstract
This systematic literature review examines how data privacy can be engineered and governed as an intrinsic property of business intelligence (BI) programs that consume Human Resource Information Systems (HRIS) and wider enterprise platforms. Following a registered PRISMA protocol, we searched multidisciplinary databases, screened records in duplicate, appraised quality with design-appropriate tools, and synthesized heterogeneous evidence narratively and thematically. In total, 115 peer-reviewed articles and standards met the inclusion criteria. The synthesis maps regulatory obligations such as purpose limitation, minimization, storage limitation, transparency, rights handling, accountability, and integrity-confidentiality to concrete controls across the analytics lifecycle. We find that privacy outcomes improve when governance is encoded in code via policy-as-code approvals, slim ingestion schemas, retention rules, and purpose tags; least-privilege access is most durable when role-based baselines are refined with attribute-based context and enforced as row- and column-level security at the semantic layer; protection works best as a choreography that assigns encryption, tokenization, pseudonymization, and masking to precise pipeline stages; and verification hinges on engineered lineage, runtime observability, and tamper-evident audit logs that make “what happened to whose data and why” answerable under audit. We also surface operational patterns for DSAR fulfillment, retention and erasure in warehouses and lakehouses, machine unlearning for models, and cross-border and vendor risk mitigations using customer-managed keys, regionalization, and purpose-aware authorization. Contributions include a regulation-to-engineering crosswalk, a reference architecture, a maturity model, DPIA prompt templates tailored to analytics, and a compact assurance metric set for continuous monitoring. 
Collectively, the review translates legal principles into testable, auditable design choices that enable compliant, trustworthy HRIS-to-BI analytics at scale.
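
To make the abstract's access-control and audit findings concrete, the following added example (not code from the review or from any product it surveys) shows a role-based baseline refined by user attributes, enforced as row- and column-level filtering with purpose tags, and recorded in a hash-chained audit log. The roles, column tags, user attributes and employee rows are assumptions constructed for illustration.

```python
import hashlib, json

# Constructed sample HRIS rows (hypothetical data, not from the review).
EMPLOYEES = [
    {"emp_id": "E1", "region": "EU", "dept": "Sales", "salary": 52000, "sick_days": 4},
    {"emp_id": "E2", "region": "EU", "dept": "Eng", "salary": 71000, "sick_days": 1},
    {"emp_id": "E3", "region": "US", "dept": "Sales", "salary": 64000, "sick_days": 7},
]
# RBAC baseline (assumed roles): columns a role may read, purposes it may declare.
ROLES = {
    "hr_analyst": {"columns": {"emp_id", "region", "dept", "salary"}, "purposes": {"pay_equity"}},
    "line_manager": {"columns": {"emp_id", "dept"}, "purposes": {"headcount"}},
}
# Purpose tags per column: a column is released only for a purpose it is tagged with.
COLUMN_PURPOSES = {
    "emp_id": {"pay_equity", "headcount"}, "region": {"pay_equity", "headcount"},
    "dept": {"pay_equity", "headcount"}, "salary": {"pay_equity"}, "sick_days": set(),
}
GENESIS = "0" * 64  # previous-hash value for the first audit entry

def _digest(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

def row_allowed(user, row):
    # ABAC refinement: user attributes narrow the rows the role baseline would expose.
    if row["region"] not in user["regions"]:
        return False
    return user["role"] != "line_manager" or row["dept"] == user["dept"]

def query(user, purpose, audit_log):
    """Return the rows/columns this user may see for this purpose; log the decision."""
    role = ROLES[user["role"]]
    granted = purpose in role["purposes"]
    cols = sorted(c for c in role["columns"] if purpose in COLUMN_PURPOSES[c]) if granted else []
    rows = [{c: r[c] for c in cols} for r in EMPLOYEES if granted and row_allowed(user, r)]
    event = {"user": user["id"], "role": user["role"], "purpose": purpose,
             "granted": granted, "columns": cols, "rows": len(rows)}
    prev = audit_log[-1]["hash"] if audit_log else GENESIS
    audit_log.append({"event": event, "prev": prev, "hash": _digest(prev, event)})
    return rows

def verify_audit(audit_log):
    """Recompute the hash chain; an edited entry or a broken link fails verification."""
    prev = GENESIS
    for entry in audit_log:
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["event"]):
            return False
        prev = entry["hash"]
    return True
```

Denied requests are logged as well as granted ones, so the log can answer who asked for which data and why. Detecting removal of the newest entries additionally requires anchoring the latest hash outside the log store.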