Data privacy is something we pretend to worry about while discussing it on Facebook, Twitter, and Tumblr, where we share every detail of our personal lives and take pictures of all our food.
Of course, there's a difference between the entire world knowing that you had spaghetti last night and knowing the details of your performance improvement plan and Social Security number. So, while our employees are happy to overshare online, we must keep their information private.
This became more difficult with the digital transformation of Human Resources. In the old days, companies kept employee files in rooms, accessible with the keys only held by one cranky woman named Helen, who left at 2:00 pm every day. And she knew everyone in the company, so you couldn't easily sneak in and grab your file, let alone someone else's. It was information security at its finest.
Now, everything from new hire paperwork to formal write-ups to performance improvement plans is digitized. This makes life much easier for employee relations people. If we get a new case, we can simply pull up the employee's file and be up-to-date — no need to go down to the file room and find Helen and her key.
Electronic data storage makes employee privacy a lot more complicated. Digital records are easier to steal. If you don't have good security, the wrong people can access files. If an employee moves to a new manager, your system needs to be updated immediately, or one person will have the information they don't need. At the same time, another lacks the information they do need.
Employee Privacy and Compliance in the Workplace
With the move to digital records comes a whole slew of laws. The latest is the California Consumer Privacy Act, which went into effect on January 1, 2020. While this law focuses on consumers, it also impacts employee records. If you have employees in California, you need to make sure you comply.
Employment attorneys Justine Phillips and Jessica Gross describe three critical things that employers need to know about the new law.
- “It requires mandatory privacy notices and disclosures about the data collected by employers and purpose for collection.”
- “It provides for statutory damages ranging from $100-750 if sensitive personal information is breached.”
- “It expands the right to request access/deletion of personal information."
It's not just nice to keep your employees' information private — you could end up paying a fortune in fines if your system gets hacked or isn't as secure as it should be. While this is a California specific law, it may spread to other states.
If you want to monitor employees' internet usage, for instance, you need to disclose you will track their online habits. You can't just say "it's the company's computer, so of course, we have the right to monitor it."
The protections for employees increase in 2021, so pay attention! Your state may have different rules. If your business operates in different states, it can be a nightmare to comply. (And, that's not even touching what happens if you go global. European GDPR rules add a layer of complexity and security.)
While I don't think anyone should have the "right to be forgotten" (a 2021 rule), the rest of it makes good sense overall. We store a lot of data about employees — things that we never used to do, and we don't even realize we're doing it. You may be able to track everything from when they wake up in the morning to where they go on the weekend. Your employees deserve to know what you're using and how you are using it.
Suzanne Lucas is a freelance writer who spent 10 years in corporate human resources, where she hired, fired, managed the numbers, and double-checked with the lawyers. She's sure not evil. She's super nice! Learn more about her at www.evilhrlady.org and email her directly for decidedly unevil advice.