An employee directory is one of those documents that nobody thinks about until they urgently need it — when payroll needs to verify a bank account, when HR needs an emergency contact, when IT needs to know who reports to whom for access reviews, or when an audit demands a complete list of current staff. A current, well-organised employee directory is core infrastructure for any business with more than a handful of people.

This guide explains what an employee directory should contain, the privacy and security obligations attached to it, how to keep it current, and how it ties into other HR processes like payroll, leave, and performance management.

Two Layers of an Employee Directory

Most well-run organisations maintain two directories with different audiences:

  • Public directory — Name, job title, department, work email, office extension. Available to all employees for collaboration.
  • HR master record — Full personal details, identification, banking, statutory IDs, salary, leave entitlement, contracts. Restricted to HR and finance.

Mixing the two creates either an over-broad directory that exposes sensitive data, or an under-detailed master record that fails compliance checks.

Essential Fields for the HR Master Record

Identification

  • Full legal name (per IC/passport)
  • Preferred name or English name
  • Employee ID
  • NRIC or passport number
  • Date of birth
  • Nationality and visa status (for foreign employees)
  • Gender, marital status (where required for statutory purposes)

Contact Details

  • Personal mobile phone
  • Personal email (for offboarding and unexpected contact)
  • Work email and extension
  • Home address
  • Emergency contact name, relationship, and phone

Employment Details

  • Department and team
  • Position title
  • Reporting manager
  • Work location
  • Date joined
  • Employment status (probation, confirmed, contract, intern)
  • Contract end date (if fixed-term)
  • Working hours / shift pattern

Statutory Identifiers

  • EPF member number
  • SOCSO number
  • Income tax (LHDN) number
  • Bank name and account number for salary credit

Compensation and Leave (Restricted)

  • Current basic salary and total package
  • Last and next salary review dates
  • Leave entitlement and balances
  • Bonus and increment history

The Public Directory — Less Is More

The internal-facing directory should include only what coworkers genuinely need to find and contact each other. Typical fields:

  • Display name
  • Job title
  • Department / team
  • Work email
  • Office extension or work mobile
  • Profile photo (where consent given)
  • Manager (for reporting line lookup)

Avoid putting home address, IC, salary, or personal phone in any directory visible beyond HR.

Privacy and PDPA Considerations

Under Malaysia's Personal Data Protection Act 2010, employees are data subjects whose information must be processed for legitimate, declared purposes only. Practical implications:

  • Collect only data necessary for employment purposes
  • State clearly in the employment contract what data is collected and how it will be used
  • Restrict access to the master record on a need-to-know basis
  • Encrypt sensitive fields (NRIC, banking, salary) where stored digitally
  • Obtain consent before publishing photos or extended details in public directories
  • Have a documented process for data correction requests from employees
  • Delete or de-identify ex-employee records once statutory retention periods expire

Maintaining the Directory — Keeping It Current

An out-of-date directory is worse than no directory — it creates false confidence. Practical maintenance habits:

  • Update within 24 hours of any joiner, leaver, or internal transfer
  • Run a quarterly review where each employee verifies their own entry
  • Link directory updates to onboarding and offboarding checklists
  • Set automated reminders for contract end dates, visa expiry, and confirmation dates
  • Reconcile against the payroll register monthly — every paid employee must appear
  • Reconcile against the EPF and SOCSO submissions monthly

Connecting the Directory to Other HR Processes

The directory should be the single source of truth that feeds:

  • Payroll — Bank details, statutory IDs, salary, employment status
  • Leave management — Entitlements derived from join date and grade
  • Performance reviews — Reporting line drives reviewer assignment
  • Access provisioning — Role drives system permissions; leavers must be deactivated immediately
  • Compliance reporting — Foreign worker quotas, headcount by category, etc.
  • Emergency contact — In the event of a workplace incident

If you have separate systems (HRMS, payroll, ID provider) they should be reconciled against the directory regularly.

Org Chart vs Directory

A directory lists who is where; an org chart shows how they connect. The two are complementary:

  • Use the directory to look up an individual
  • Use the org chart to understand the structure (who reports to whom, who runs which function)
  • Generate the org chart from the directory's reporting-manager field — never maintain them independently, or they will drift apart

Common Employee Directory Mistakes

  • One spreadsheet, many editors. Without access control, changes overwrite each other and accountability is lost.
  • No leaver process. Ex-employees stay listed for months, polluting search results and creating compliance risk.
  • Conflicting versions. HR's spreadsheet says one title, IT's directory says another, Slack profile says a third.
  • Personal data in shared files. Bank account numbers in an open Excel file is a PDPA breach waiting to happen.
  • No emergency contact verification. Numbers go stale; an annual check catches changes before they matter.
  • Missing contract-end alerts. Foreign worker passes and fixed-term contracts that lapse without action cause statutory issues.

Build Your Employee Directory with Popupnote

The Employee Directory Generator on Popupnote creates a structured employee directory with separate fields for identification, contact, employment, statutory IDs, and emergency contacts. It produces printable and digital-ready formats suitable for HR records and team distribution. The generator runs in your browser without any account required.