5 ways you’re breaching employee privacy laws

by Derek Jones, 5 minutes read

Editor’s note: This post was originally published in January of 2016 and has been updated for accuracy.

Employee Privacy Laws

All employees have a number of rights at work, including the right to privacy, fair compensation, and freedom from discrimination. Both federal and state governments have enacted a wide range of employment laws protecting employees from discriminatory treatment, unfair labor practices, unsafe work conditions, and more.

In practice, you need to treat all personal information about an employee and their family as private and confidential.

Here are 5 ways you might be breaching employee privacy laws:

Protection laws

Before we dive into violations of employee privacy laws, it’s important to be familiar with data protection laws and the Privacy Act. In the US, the laws around data protection and privacy rely on a patchwork of national legislation (the Privacy Act of 1974, which dictates how government agencies handle personally identifiable information, or PII), state regulation, and self-regulation.

Forty-eight states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.

In practice, private employers typically recognize that they have a serious responsibility to protect sensitive personal information. And to do so, they implement their own robust policies and use best-in-class technology to prevent the dissemination of their employees’ private information.

But in our 24/7, always-on-the-go world, it’s easy to accidentally breach employee privacy laws. Here are five common ways businesses get it wrong:

1. Publishing employees’ personal mobile phone numbers

With work schedules and rosters, if you’re using applications like Excel, you probably list everyone’s mobile numbers so that you can contact them to find out where they are if they’re running late, or find someone else to cover a shift if they call in sick.

But when you publish a schedule containing this information (i.e. employees’ personal cell phone numbers, not work-provided mobiles), and pin it up in your workplace, you’re actually putting your employees at risk along with your business.

Yes, it’s handy for a co-worker to use the list to find a replacement if someone’s called in sick. But what if it falls into the wrong hands? And while we’d like to think that this is highly unlikely, it does happen. Identity theft is becoming increasingly common, and you may be unwittingly aiding and abetting a stalker, opening up the potential for a harassment lawsuit in the process.

2. Using email for sensitive conversations

Many employers routinely use email to communicate anything and everything with their employees – the good, the bad, and the ugly. But when you use email for everything, it’s too easy to inadvertently copy or forward sensitive information to other parties. This, of course, can land you in all sorts of trouble and do serious damage to your employer brand. For conversations on remuneration, performance and professional development, choose your communication platform with care!

3. Unsecured employee files

Record keeping is a basic business requirement. It can be onerous, but it’s certainly not optional.

In Australia, you must keep employee records for 7 years. This includes general details like the employee’s name, commencement date, pay rate, leave entitlements, and more. American-based businesses must retain basic payroll tax records for four years. And it’s prudent to keep records of events like workplace injuries for 10 years or more.

But rather than keeping highly confidential employee data in paper files that are at risk of being compromised, an online system gives you secure but easy access to your files 24×7 with a full audit trail.

4. Poor housekeeping

While you have obligations to retain employee data, you also have obligations to dispose of out-of-date information. Retaining employee information beyond the legislated requirements can expose your business to legal challenges against your data protection practices.

5. No enforcement of data protection policy

You may think your business is safe once you’ve introduced a robust and compliant personal data protection policy, but if it’s not enforced, it’s essentially meaningless and won’t protect your business in the event of a claim.

A personal data protection policy should be tailored to your business to take account of the particular personal data that you collect and retain. You must communicate the policy to your workers and monitor its use in the business. Getting your employees to sign the policy and keeping a copy on their HR file gives you an audit trail and proof that the policy is practiced.

For employees:

Do you know what rights you have at work? Here’s what to do if your employer is violating one of these laws.

See our list below, for more information on privacy and data protection laws:

The Privacy Act in Australia

Data Protection Laws in the United States

Data Protection and Legislation in the United Kingdom

Is your business in the retail or fast food industry? You may be violating other workforce compliance laws. Download the following guide to learn about these predictive scheduling laws that are spreading across the nation:

Download Predictive Scheduling eBook

How Deputy can help

Deputy strives to improve the lives of employers and employees, using technology to transform operations and help businesses thrive. Deputy can handle complex compliance laws that other workforce management software cannot. Multiple rules are enforced every time a schedule is produced or updated to enforce workforce compliance. Download this free ROI calculator to see how much your business could be saving on overtime, scheduling, payroll processing, time theft, and more.

U.S. businesses should invest in a time tracking technology to avoid many of the time recording issues faced by most compliance lawsuits. See if Deputy is right for your business by signing up for a free trial below:


Start your free trial