Additional News and Resources
Top issues to address when using automated employment decision-making tools
As we wait for the EU Artificial Intelligence Act to pass, AI enforcement is imminent in the U.S. On the federal level, we have both joint and individual statements from the U.S. Federal Trade Commission, Justice Department, Consumer Financial Protection Bureau and Equal Employment Opportunity Commission, as well as the White House's Blueprint for an AI Bill of Rights and follow-up Fact Sheet on new actions to Promote Responsible AI Innovation that Protects Americans' Rights and Safety. At the ... Read More
Pulling back the layers on employee monitoring
The Wall Street Journal conducted a roundtable discussion with privacy professionals on the current landscape for employee surveillance and monitoring. Topics covered include how widespread monitoring has become, legal limits and ethical versus non-ethical deployments. Electronic Privacy Information Center Senior Counsel John Davisson, Gartner Vice President of Human-Resources Research Brian Kropp and Future of Privacy Forum Senior Vice President of Policy John Verdi took part in the conversatio... Read More
The boss sees you? Monitoring and control of employees' digital activities
This survey, conducted by Datatilsynet, examines workers’ attitudes about employee monitoring tools. Read More
Consent as legal basis for EU and UK employment
Consent is one of the EU General Data Protection Regulation legal bases that can be used to justify the collection, handling or storage of personal data. For consent to be valid, it must be clearly distinguishable from other matters, intelligible and in clear and plain language, freely given, as easy to withdraw as it was to provide, specific, informed and unambiguous (GDPR Article 6, 7 and Recitals 32, 33 and 43). In the employment context, consent is deemed to be problematic. An actual or per... Read More
Vaccine credential systems: Considerations for US employers
Amidst the shifting employment landscape created by COVID-19, employers requiring employees to disclose their vaccination status has become a hot — yet murky — topic rife with privacy-related risks. Vaccination requirements are expected to soon “become dominant in the workplace” due to President Joe Biden’s recent COVID-19 Action Plan. Some employers will be required to impose vaccine mandates for their employees; some will be required to ensure their employees are either vaccinated or tested we... Read More
Women and People of Color Detail Experiences Working in Cybersecurity
This report from (ISC)² details a global study it conducted with cybersecurity professionals to determine their perceptions of diversity in the cybersecurity sector. Read More
CPRA could obstruct existing employment rights
Employment rights and obligations related to human resources data are about to get messy in California. On Jan. 1, 2023, California will become the first state to have a comprehensive data privacy law covering human resources data when the California Privacy Rights Act becomes operational. This change will leave both employees and employers confused regarding the interplay between the CPRA and employment laws because most of the rights under the CPRA either are already addressed or do not make s... Read More
Return to office ‘a perfect storm’ of privacy issues for businesses
Offices around the world closed their doors more than one year ago as many sent employees to work from home while the COVID-19 pandemic unfolded. As vaccinations continue to progress at a steady pace, many employers and employees are eager to get back into the office. As they contemplate how to best take that step, organizations are facing “a perfect storm of all the issues privacy officers should be thinking about,” said WilmerHale Cybersecurity and Privacy Practice Co-Chair Kirk Nahra, CIPP/U... Read More
Web Conference: Employee Health Data Collection Guidelines & Vaccination-Tracking Best Practices
Original broadcast date: March 10, 2021 Is your company following the U.S. Occupational Safety and Health Administration’s recommendations or state guidelines? Do you have a handle on where your health data is being stored, and is it accessible and secure? Companies now have a surplus of health data, whether it’s COVID-19 test or vaccination statuses or general health questionnaire data collected from employees. What are the requirements around keeping this data or disclosing it to your employees? In this privacy education web conference, we will answer these questions to help you understand best practices around health data record-keeping to help you develop a plan now. Read More
Privacy in the Wake of COVID-19
The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More
Checklist: Expedited Vendor Privacy and Security Assessment
As companies, educational institutions, governments and other organizations shift to remote work environments during the COVID-19 pandemic, the need for technologies to facilitate engagement has exploded. In this checklist are key questions for privacy professionals to consider as they navigate this process. Read More
The perils of employee-collaboration tools and how to avoid them
The workforce of today in America looks very different from the one that existed even 20 years ago. Perhaps not gone, but certainly altered, is the image of the harried office worker stuck in traffic, delayed by weather or family concerns, and otherwise desperate to be present in their office between 9 a.m. and 5 p.m. Today, the rise of flexible work schedules, job shares and teleworking, has created much desired flexibility for many workers. In released statistics from a few years ago, more tha... Read More
Sample Employee Background Checks Policy
This sample from HR Daily Advisor sets out rules for investigating the backgrounds and employment references of applicants. Click To View ... Read More
Employee privacy and the GDPR – Ten steps for US multinational employers towards compliance
The European Union’s (EU) new data protection framework, known as the General Data Protection Regulation (the regulation), is, at bottom, a response to the astonishing evolution in online commerce. As a result, only one of the regulation’s 91 articles specifically addresses the personal data of employees. This gap means U.S. multinational employers — especially those engaged in business-to-business (B-to-B) commerce — must carefully parse the regulation to figure out how it applies to their mana... Read More
On Balancing Insider-Threat Protection and Employee Privacy
Recent industry studies (see sidebar above) reveal that insider threats are still one of the biggest corporate grey areas, and, to pile on, insider threats are rapidly becoming an information security challenge. Insider attacks are different from external attacks because insiders, such as employees, third-party suppliers or consultants, already have a foothold in the organization by being granted access to data. Privileged users pose a major risk because they are hard to detect and stop with tr... Read More