Human resources professionals have special obligations when it comes to applicant, employee and contractor personal information. Many of the important general data protection laws [GDPR//CCPA//LGPD] cover employee data in addition to data from customers, users, etc.
For most companies doing business in California, Europe, or Brazil (that’s lots of companies), it’s important for HR professionals to understand how to handle employee data in compliance with the law.
For example, you need to know what rights employees have with respect to their data and what notices the company is required to provide to employees.
What privacy rights do employees have? They have a lot of the same rights that consumers have! Like,
- the right to access their data - meaning that the company has to provide employees with personal information that the company collects about them;
- The right to have their data deleted. Employees can request their personal information be deleted;
But there are exceptions, like where that data is required to comply with a different law, like a tax law.
- The right to have incorrect data corrected.
To comply with these laws, companies need to provide employees with a privacy notice, tailored to their employees. They need to put in place systems for responding to rights requests, just like for consumers. The company should update data maps to include employee data; and make sure that contracts with HR-related vendors (like HR software providers) are updated.
That’s the overview of privacy laws for HR professionals. Privacy is part of the job now - the more you know about privacy, the more you and your colleagues will thrive in this new world of privacy laws.