
Workplace Privacy

When it comes to protecting intellectual property, ensuring productivity and identifying bad behavior, employers have many tools available to them. Employers of all sizes are increasingly using these tools to monitor employees’ IT use. But their use poses legal risks and challenges—particularly for multinationals. Organizations should be aware of the legal restrictions that apply in the jurisdictions where they work.

This topic page aims to help you balance organizational security with employee privacy laws throughout the globe.

Featured Resources

Vaccine credential systems: US employer guidance

This article brings US employers up to speed on what it will take to ensure vaccine credential systems comply with federal and state laws while also pointing out the inevitable privacy concerns that may be raised.

Return to office privacy issues

The COVID-19 pandemic forced many companies to work from home more than one year ago, but with vaccinations progressing, many businesses are returning employees to the office. Kirk Nahra writes that organizations face “a perfect storm” of privacy issues.

Employee Health Data Collection Guidelines

Companies now have a surplus of health data, whether it’s COVID-19 test or vaccination statuses or general health questionnaire data collected from employees. This web conference answers questions to help you understand best practices around health data record-keeping to help you develop a plan now.


Latest News and Resources

Web Conference: Learn How to Safeguard Your Personal Data & Build a Privacy Resilient Workplace

Original broadcast date: 11 November 2021. With increasing complexities and changes in the regulatory landscape, organizations must ensure privacy remains central to their business. This means educating and empowering employees to make privacy-compliant decisions, driving policy awareness, and automating these policies to improve productivity and reduce costs. Learn how Microsoft is helping organizations safeguard personal data and keep privacy top of mind.

Consent as legal basis for EU and UK employment

Consent is one of the EU General Data Protection Regulation legal bases that can be used to justify the collection, handling or storage of personal data. For consent to be valid, it must be clearly distinguishable from other matters, intelligible and in clear and plain language, freely given, as easy to withdraw as it was to provide, specific, informed and unambiguous (GDPR Article 6, 7 and Recitals 32, 33 and 43). In the employment context, consent is deemed to be problematic. An actual or per...

CPRA could obstruct existing employment rights

Employment rights and obligations related to human resources data are about to get messy in California. On Jan. 1, 2023, California will become the first state to have a comprehensive data privacy law covering human resources data when the California Privacy Rights Act becomes operational. This change will leave both employees and employers confused regarding the interplay between the CPRA and employment laws because most of the rights under the CPRA either are already addressed or do not make s...

Web Conference: Privacy Rights of Global Employees in the Era of Work from Anywhere

Original broadcast date: 26 August 2021. Privacy rights and the protection of employee data have become an increasing area of concern for many organizations as they navigate a post-pandemic world along with evolving regulations. In this presentation, industry leaders Barbara Cosgrove, VP and CPO for Workday, Michael Morgan, U.S. Head of Global Privacy and Cybersecurity for McDermott Will & Emery, and Rehan Jalil, CEO of Securiti, discuss aspects of protecting employee data. The privacy challenges posed by maintaining vast lakes of unruly personal data demand more than manual oversight. Add to that increased regulatory scrutiny and consumer expectation, and the problem looms large. In this presentation you will learn how software can ease your burden with greater data accuracy and integrity.

Web Conference: Monitoring Employees’ Health & Activities Outside Work in Germany, Poland and UK
(IAPP, February 2021)
How To Protect Your Employees From Data Loss
(CPO Magazine, April 2021)
FTC orders Zoom to tighten data security practices
(IAPP, November 2020)
Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing
(IAPP, May 2020)
Checklist: Expedited Vendor Privacy and Security Assessment
(IAPP, April 2020)
Major bank warns against Zoom, Google Hangouts use
(IAPP, April 2020)
Notice to Employers: Remember Privacy Basics When Addressing COVID-19
(Troutman Sanders, February 2019)
The perils of employee-collaboration tools and how to avoid them
(IAPP, September 2018)
Cyber risk awareness poster
(Dentons Privacy and Cybersecurity, September 2016)
From weakest link to strongest asset: tackling employee negligence
(IAPP, June 2016)
Sample Employee Background Checks Policy
(HR Daily Advisor, May 2016)
Employee privacy and the GDPR – Ten steps for US multinational employers towards compliance
(IAPP, January 2016)
On Balancing Insider-Threat Protection and Employee Privacy
(IAPP, November 2015)
Making Killer Privacy Presentations to the Board
(IAPP, October 2015)
Managing Privacy in the Web 2.0 Workplace
(IAPP, August 2014)
Workplace Privacy Counsel blog
(Littler Mendelson, June 2014)
If Nine of 10 Employees Knowingly Breach Policy, How Is Privacy Possible?
(IAPP, June 2013)
Employee Tips Sheet
(Stopthinkconnect.org, June 2013)
Privacy in a Suitcase
(IAPP, March 2013)
Privacy training: An emerging part of the corporate education canon
(IAPP, October 2012)
Chief privacy officers discuss employee privacy training
(IAPP, October 2012)
Workplace privacy expert sheds light on fair employer access to employee data
(IAPP, September 2012)
ICO Posters: Take Care When Sharing Work Information
(UK ICO, November 2010)

COVID-19 Resources

Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing

The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities.

OSHA revises guidance on tracking COVID-19 in the workplace

The U.S. Occupational Safety and Health Administration revised guidelines May 19 that require employers to determine whether employees who have contracted COVID-19 did so in the workplace. According to OSHA's recordkeeping requirements, employers are required to conduct investigations about the cause of an employee's infection with certain parameters. In the revised guidelines, which went into effect May 26, "employers should be taking action to determine whether employee COVID-19 illnesses ar...

Definitions

Bring Your Own Device

Use of employees’ own personal computing devices for work purposes. Acronym(s): BYOD. Associated term(s): Consumerization of information technology (COIT)...

Employee Information

Personal information reasonably required by an organization that is collected, used or disclosed solely for the purposes of establishing, managing or terminating: (1) an employment relationship, or (2) a volunteer work relationship between the organization and the individual but does not include personal information about the individual that is unrelated to that relationship....

Employee Personal Data

Article 88 of the General Data Protection Regulation recognises that member states may provide for more specific rules around processing employees’ personal data. These rules must include suitable and specific measures to safeguard the data subject’s human dignity, legitimate interests and fundamental rights, with particular regard to the transparency of processing, the transfer of personal data within a group of undertakings, or a group of enterprises engaged in a joint economic activity and mo...

Mobile Device Management (MDM)

MDM refers to software solutions that allow administrators to oversee the use of mobile devices for productivity and security reasons. MDM solutions usually allow an organization to control mobile apps, networks and data used by the mobile device from a single centralized software product, thereby assuring better control of company information on personal devices. MDM solutions also present challenges in the BYOD context because they allow for greater monitoring of employees' personal use of the...

Telecommuting

DPAs divulge privacy expectations for video conferencing platforms

The U.K. Information Commissioner's Office offered an update on its global coordination with six data protection authorities to convey privacy expectations for video conferencing platforms. In July 2020, the ICO joined regulators from Australia, Canada, China, Gibraltar, Hong Kong and Switzerland in an open letter to Microsoft, Google, Cisco and Zoom regarding preferred privacy practices and standards. The ICO reports the dialogue has "proven effective, efficient and mutually beneficial" while g...

FTC orders Zoom to tighten data security practices

While it has become as vital a tool as any during the COVID-19 pandemic, teleconferencing platform Zoom Video Communications has faced its share of privacy and security challenges as it adapted its systems to an unexpected boom to its clientele. That adaptation will now go steps further under orders from the U.S. Federal Trade Commission. The FTC has announced a proposed settlement with Zoom related to allegations of deceptive and unfair infosecurity practices that risk users' privacy and secur...


Employee Monitoring, Social Media & Background Checks

Employee Surveillance Report: Is your boss spying on you?

Software designer Surfshark released its Employee Surveillance Report highlighting trends in employee surveillance from March 2020 to March 2021. Surfshark scraped searches for "bossware" surveillance tools across the world and found the use of and interest in employee monitoring was most prevalent in Sweden, the U.S. and Norway. The study also found one in five businesses are deploying surveillance technology while 62% of companies do so to collect productivity data. The report goes on to compa...

Survey: Majority of companies recognize employee privacy

DTEX and the Ponemon Institute published a survey revealing 63% of IT professionals believe their companies place importance on employee privacy, Infosecurity Magazine reports. The survey collected opinions from 1,249 professionals on their organization's efforts to protect employees' sensitive data. Only 34% of respondents indicated their organization effectively protected employees' data. Additionally, 64% of professionals said tracking employee productivity in a privacy-preserving mann...

This service monitors data as people work from home

Nearly every aspect of life has been upended by the COVID-19 pandemic. For many, homes serve many functions. They are now a place of residence, a school, a daycare and also an office. Employees will likely be working from home for the foreseeable future, and employers have rushed to make sure their staff is ready to continue operations. Spirion CEO Kevin Coppins doesn't want companies to rest easy once everything is up and running. Workers will still be handling sensitive information that needs...

Privacy Training in the Workplace

White Paper – 6 Ways Privacy Awareness Training Will Transform Your Staff

(February 2018) – As an organization, you have obligations to your customers and other stakeholders to protect their personal information. Some obligations are regulatory, some by statute, some by contract, and some simply due to public expectations. This white paper outlines six ways that establishing a privacy awareness training program will help your team to think about privacy and meet these obligations.

White Paper – Must-Have Privacy Training Features for Your Team

(January 2018) – A privacy program cannot be successful without training. There is a Chinese saying: “Those who want to get the job done must first sharpen their tools.” An effective privacy training not only enables an organization’s privacy initiatives, but also enhances an organization’s overall operation in the areas of Privacy by Design and data protection-centric security practices. In this white paper, learn about the essential elements of an organizational privacy training program.

Monitoring Your Privacy Program – Article Series

Last Updated: June 2015. This series of articles will take a look at monitoring programs across industries including recommendations from the privacy consultant, healthcare, IT, finance, government and telecom industries. To start the series, I spoke with PricewaterhouseCoopers LLP Data Protection & Privacy Principal Jay Cline, CIPP/US, and asked him from a privacy consulting perspective about what every organization needs to consider when establishing a monitoring program. Part 1 – How...

BYOD

Survey: 51% of organizations operating without BYOD policy

STX Next’s Global CTO Survey found 51% of global organizations don’t have a “bring-your-own-device” policy, though more employees are using devices at home due to the pandemic, Infosecurity Magazine reports. Among organizations that have a BYOD policy, 13% are not using multifactor authentication, and researchers noted many organizations are not in a hurry to adopt security processes. STX Next Chairman Maciej Dziergwa said, “It is imperative businesses take measures to address these insufficienci...

CNIL discusses BYOD best practices

France's data protection authority, the CNIL, published guidance on best practices for privacy and data security associated with the bring-your-own-device concept. The CNIL noted employers are responsible for the security of company data stored on devices that are not their own, including an employee's personal device. Additionally, the CNIL recommended reducing BYOD issues through risk assessment and formalized measures within security policies. (Original post is in French.)