5 ways you’re breaching employee privacy laws

Derek Jones

VP of Business Development, Deputy Americas

February 16, 2018


Editor’s note: This post was originally published in January of 2016 and has been updated for accuracy.

Employee Privacy Laws

All employees have a number of rights at work, including the right to privacy, fair compensation, and freedom from discrimination. Both federal and state governments have enacted a wide range of employment laws protecting employees from discriminatory treatment, unfair labor practices, unsafe work conditions, and more.

In practice, you need to treat all personal information about an employee and their family as private and confidential.

Here are 5 ways you might be breaching employee privacy laws:


Protection laws

Before we dive into violations of employee privacy laws, it’s important to be familiar with data protection laws and the Privacy Act. In the US, data protection and privacy rely on a patchwork of national legislation (the Privacy Act of 1974, which dictates how government agencies handle personally identifiable information, or PII), state regulation, and self-regulation.

Forty-eight states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.

In practice, private employers typically recognize that they have a serious responsibility to protect sensitive personal information. And to do so, they implement their own robust policies and use best-in-class technology to prevent the dissemination of their employees’ private information.

But in our 24/7, always-on-the-go world, it’s easy to accidentally breach employee privacy laws. Here are five common ways businesses get it wrong:


1. Publishing employees’ personal mobile phone numbers

If you build work schedules and rosters in applications like Excel, you probably list everyone’s mobile numbers so that you can contact them to find out where they are if they’re running late, or find someone else to cover a shift if they call in sick.

But when you publish a schedule containing this information (i.e. employees’ personal cell phone numbers, not work-provided mobiles) and pin it up in your workplace, you’re actually putting your employees at risk along with your business.

Yes, it’s handy for a co-worker to use the list to find a replacement if someone’s called in sick. But what if it falls into the wrong hands? While we’d like to think that this is highly unlikely, it does happen. Identity theft is becoming increasingly common, and you may be unwittingly aiding and abetting a stalker, opening up the potential for a harassment lawsuit in the process.


2. Using email for sensitive conversations

Many employers routinely use email to communicate anything and everything with their employees – the good, the bad, and the ugly. But when you use email for everything, it’s too easy to inadvertently copy or forward sensitive information to other parties. This, of course, can land you in all sorts of trouble and do serious damage to your employer brand. For conversations on remuneration, performance and professional development, choose your communication platform with care!


3. Unsecured employee files

Record keeping is a basic business requirement. It can be onerous, but it’s certainly not optional.

In Australia, you must keep employee records for 7 years. This includes general details like the employee’s name, commencement date, pay rate, leave entitlements, and more. American-based businesses must retain basic payroll tax records for four years. And it’s prudent to keep records of events like workplace injuries for 10 years or more.

But rather than keeping highly confidential employee data in paper files that are at risk of being compromised, an online system gives you secure but easy access to your files 24×7 with a full audit trail.


4. Poor housekeeping

While you have obligations to retain employee data, you also have obligations to dispose of out-of-date information. Retaining employee information beyond the legislated requirements can expose your business to legal challenges against your data protection practices.


5. No enforcement of data protection policy

You may think your business is safe once you’ve introduced a robust and compliant personal data protection policy, but if it’s not enforced, it’s essentially meaningless and won’t protect your business in the event of a claim.

A personal data protection policy should be tailored to your business to take account of the particular personal data that you collect and retain. You must communicate the policy to your workers and monitor its use in the business. Getting your employees to sign the policy and keeping a copy on their HR file gives you an audit trail and proof that the policy is practiced.


For employees: 

Do you know what rights you have at work? Here’s what to do if your employer is violating one of these laws.

See our list below for more information on privacy and data protection laws:

The Privacy Act in Australia

Data Protection Laws in the United States

Data Protection and Legislation in the United Kingdom




How Deputy can help

Deputy strives to improve the lives of employers and employees, using technology to transform operations and help businesses thrive. Deputy can handle complex compliance laws that other workforce management software cannot. Multiple rules are enforced every time a schedule is produced or updated to enforce workforce compliance.

U.S. businesses should invest in time tracking technology to avoid many of the time recording issues faced in most compliance lawsuits. See if Deputy is right for your business by signing up for a free trial.

ABOUT THE AUTHOR
Derek Jones
Derek is the VP of Business Development in North America and has 16+ years’ experience in delivering data-driven sales and marketing strategies to SaaS companies.