Workplace Privacy


Workplace Privacy Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to workplace privacy.

Featured Resources


The ins and outs of workplace privacy law

This podcast episode discusses some of the pressing trends in workplace privacy, including CPRA obligations, workplace surveillance and artificial intelligence issues, international data transfers, and data security best practices.
Read More


Automated employment decision-making tools: Issues to address

Whether you are utilizing employment decision-making tools or are the technology provider, this article covers the questions to ask yourself.
Read More


Privacy in the world of hybrid work – Solving the cloud challenge

This web conference discusses how to navigate data privacy in a world of hybrid work where cloud computing is growing.
Read More


Consent as legal basis for EU and UK employment

This article clearly outlines consent as a legal basis in the employment context, while providing details on exceptions.
Read More


Privacy in the Wake of COVID-19

This report gauges the responses of privacy professionals and organizations to a range of issues, including remote work, employee health monitoring and the adoption of new technology.
Read More


The perils of employee-collaboration tools and how to avoid them

This article outlines how employers can remediate the privacy risks of employee-collaboration tools without compromising the convenience and efficiency of these products.
Read More

Additional News and Resources

US Senate subcommittee focuses on AI in the workplace

Artificial intelligence's capacity to upend employees' relationships with the workplace is on its way to becoming a reality. The real questions are how soon and at what scale will it occur. An 31 Oct. hearing by the U.S. Senate Committee on Health, Education, Labor and Pensions' Subcommittee on Employment and Workplace Safety featured exploration on multiple angles to the potential conundrums AI could raise related to employees' workloads and general employment or hiring processes. U.S. Sen. J... Read More

Study: UK IT experts worried workplaces not ready for AI

A study of 500 information technology specialists in the U.K. found one-third of professionals have not received any artificial intelligence training and nearly half have no workplace policies for the technology, Infosecurity Magazine reports. Nearly all specialists said they were worried about their organization's ambitions for AI because of inadequate preparation.Full story... Read More

ICO publishes workplace monitoring guidance

The U.K. Information Commissioner's Office released guidelines for lawful employee monitoring in the workplace. ICO-commissioned research showed 70% of the public views employee monitoring as an invasion of privacy. Deputy Commissioner Emily Keaney said the guidance, aimed at public and private-sector employers, will "remind organisations that business interests must never be prioritised over the privacy of their workers" and "transparency and fairness are key to building trust."Full story... Read More

Pulling back the layers on employee monitoring

The Wall Street Journal conducted a roundtable discussion with privacy professionals on the current landscape for employee surveillance and monitoring. Topics covered include how widespread monitoring has become, legal limits and ethical versus non-ethical deployments. Electronic Privacy Information Center Senior Counsel John Davisson, Gartner Vice President of Human-Resources Research Brian Kropp and Future of Privacy Forum Senior Vice President of Policy John Verdi took part in the conversatio... Read More

Vaccine credential systems: Considerations for US employers

Amidst the shifting employment landscape created by COVID-19, employers requiring employees to disclose their vaccination status has become a hot — yet murky — topic rife with privacy-related risks. Vaccination requirements are expected to soon “become dominant in the workplace” due to President Joe Biden’s recent COVID-19 Action Plan. Some employers will be required to impose vaccine mandates for their employees; some will be required to ensure their employees are either vaccinated or tested we... Read More

CPRA could obstruct existing employment rights

Employment rights and obligations related to human resources data are about to get messy in California. On Jan. 1, 2023, California will become the first state to have a comprehensive data privacy law covering human resources data when the California Privacy Rights Act becomes operational. This change will leave both employees and employers confused regarding the interplay between the CPRA and employment laws because most of the rights under the CPRA either are already addressed or do not make s... Read More

Return to office ‘a perfect storm’ of privacy issues for businesses

Offices around the world closed their doors more than one year ago as many sent employees to work from home while the COVID-19 pandemic unfolded. As vaccinations continue to progress at a steady pace, many employers and employees are eager to get back into the office. As they contemplate how to best take that step, organizations are facing “a perfect storm of all the issues privacy officers should be thinking about,” said WilmerHale Cybersecurity and Privacy Practice Co-Chair Kirk Nahra, CIPP/U... Read More

Privacy in the Wake of COVID-19

The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More

Employee privacy and the GDPR – Ten steps for US multinational employers towards compliance

The European Union’s (EU) new data protection framework, known as the General Data Protection Regulation (the regulation), is, at bottom, a response to the astonishing evolution in online commerce. As a result, only one of the regulation’s 91 articles specifically addresses the personal data of employees. This gap means U.S. multinational employers — especially those engaged in business-to-business (B-to-B) commerce — must carefully parse the regulation to figure out how it applies to their mana... Read More

On Balancing Insider-Threat Protection and Employee Privacy

Recent industry studies (see sidebar above) reveal that insider threats are still one of the biggest corporate grey areas, and, to pile on, insider threats are rapidly becoming an information security challenge. Insider attacks are different from external attacks because insiders, such as employees, third-party suppliers or consultants, already have a foothold in the organization by being granted access to data. Privileged users pose a major risk because they are hard to detect and stop with tr... Read More