To be fair your Server Admins can already see all your emails, internet usage, etc. However what you could probably do is have a database., this database is where your HR data would come from and then it need to be password protected. When you load it into Tableau do not embed credentials. Your end user will need to put the password in each time and if the Server Admin does not know the password they could delete files but they could not see the data inside it.
Thanks for your suggestion.
However, it have more risk to let end user know the database credentials, currently our setting in Tableau is:
database -> extract in Tableau Server -> use Tableau Server as data source in workbook
Which aim to restrict user to connect database directly, and also make the data filter by username in first level