I wouldn’t be too thrilled about this myself… As a user with a mailbox, administrators will have access to your email and mailbox at any time they choose. Make sure you keep your four digit pin safe, but if someone has that PDF document and intends to access it, they can try a brute force attack by using every combination of numbers until they finally succeed. The best way to avoid any security issues is to opt out of recieving the email or delete the email before the nightly backups.
The theory is good ,people like to know that their pay check has made it to the bank. However depending on the format the information is passed along in can lead to identity theft. Since the user is just interested in learning that the check made it in I would suggest limiting the amount of information that is sent in the confirmation email to user name; amount deposited; date deposited; and name of the financial institution. Leave out specifics like account number and bank routing number, etc. By limiting the amount of information to the basics you help keep the employee information safe. Just so you know a 4 digit pin can be broken in a matter of seconds with the proper tools. Can you make the password longer and alpha/numeric?
Good job! Minimizing the amout of personally identifiable info improves your security odds.
But there will always be rules you have to comply with that don’t have a security basis in mind. So go for what you can get to keep things safe.