Most employers around the world collect a considerable amount of personal information about their employees. Employers use this information for various reasons, from assessing interviewees during the selection process to administering payroll and employee benefits to managing other miscellaneous post-employment benefits.
However, employers must know their legal obligations when using data that falls under the protection laws and regulations governing the use, collection and transfer of personal information. It is important for employers to set parameters and revisit their legal obligations when it comes to safeguarding the privacy of employee data.
The most significant measure that companies can take is to gain a good understanding of their legal limitations. Once those obligations are taken care of, companies are in a position to audit their procedures and policies and make the modifications required to ensure that employee information is well protected.
Defining Employee Information
While employee information cannot be confined to one simple definition, it mostly comprises employee photos, addresses, dates of birth, medical records and social security numbers. It also contains information about an employee’s financial expectations from the employer, such as perks and other employee benefit plans.
Any information relating to a personnel benefit plan must not be used as a source for others’ monetary gain. But before we discuss the extraction and privacy of employee data, it is necessary to be familiar with the Privacy Act and data protection laws. In America, the laws that revolve around privacy and data protection rely on the Privacy Act of 1974, which clearly indicates how government and private companies manage people’s personal information. A company’s legal constraints regarding maintaining the privacy of employee information are potentially wide-ranging and include the following:
Publishing Employee’s Personal Cellular Phone Numbers
With rosters and work schedules, if you use programs like Excel, you probably write down everyone’s numbers so that you can contact them when something important comes up. But when you publish a roster or work schedule containing sensitive information such as employees’ personal cellular numbers, rather than work-related contacts, and put it on the notice board of your workplace, you are inviting trouble by putting your employees and your company at risk.
Yes, it is quite convenient for a colleague to use the published list to arrange a replacement if someone has called in sick, but what if the publicly posted information gets into the wrong hands? As much as you want to think that it is very unlikely to happen, it does happen. Keep in mind that theft of information is becoming common; you may be inviting unwanted trouble by putting your business in a vulnerable position, which can lead to a potential lawsuit.
Using Email for Sensitive Conversations
Many companies communicate with their employees through email on a daily basis, for anything and everything. But when you use email extensively for communication, it becomes quite easy to inadvertently forward or copy sensitive information to people who should not be in the loop. This has the potential to get you into trouble and can cause serious problems. For conversations on topics like appraisal, performance, bonus, remuneration and professional development, pick your mode of communication with care!
Unsafe Employee Files
For employers, record keeping is considered a very simple business requirement. It can be tedious, but it is certainly not something that you can skip. In Australia, employers are supposed to maintain their employee records, which cover basic details like name, pay rate, joining date, leave entitlements etc., for a good 7 years. Similarly, in America employers are required to retain payroll tax information records for a minimum of four years and records for information like workplace injuries for at least 10 years or so.
But instead of keeping highly sensitive employee information as hard copies that are at risk of being compromised, you can use a cloud system, which allows you to securely yet easily access the files round the clock with a full audit trail.
What Companies Should Do
Companies should take the following measures to limit illegal disclosure of employee information:
- Evaluate your internal procedures and practices relating to the protection of sensitive employee information and its flow.
- Try not to use your employees’ social security details as their identification codes.
- Make sure that your employees’ medical data is kept in separate, protected files. Appoint people within the organization with access to such information, and ensure that only the assigned individuals have access to sensitive files.
- Take care of documents that contain sensitive data, such as tax forms, wage documents, consumer reports, credit card data, loans and mortgages, I-9 forms and medical test reports. Keep this type of information in a file separate from employees’ files.
- If private data of employees is maintained in a cloud format, make sure that the information is kept in a protected computer system, give minimum access to this kind of information, and take the necessary measures to ensure that this data cannot be copied or transferred.
- Come up with concrete information destruction rules that effectively prevent unapproved access to private and sensitive information, such as burning or shredding documents and destroying electronic devices that have data stored on them. Ensure that employee data security and control are mentioned in service contracts with vendors if needed.
- Hire an attorney, such as Unified Lawyers, or prepare a legal response that can be used if there is a disclosure of personal information or security.
- Conduct frequent training sessions for all your employees, and train managers specifically about the importance of abstaining from disclosing or discussing information that could affect their employees’ privacy interests.
Surprisingly, privacy of employee information has become a sensitive issue. Companies in the private and government sectors must realize the importance of protecting employee information. As employers emphasize privacy and confidentiality both externally and internally, all parts of the organization should be called on to show what they are doing to protect employees’ personal information.