Workplace Privacy


Workplace Privacy Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to workplace privacy.

Featured Resources

The ins and outs of workplace privacy law

This podcast episode discusses some of the pressing trends in workplace privacy, including CPRA obligations, workplace surveillance and artificial intelligence issues, international data transfers, and data security best practices.

Privacy in the world of hybrid work

This web conference discusses how to navigate data privacy in a world of hybrid work where cloud computing is growing.

Can Privacy Thrive in the Virtual Workplace?

This web conference covers how colleagues are tackling the virtual workplace, how to build data protection practices into a virtual company and what collaboration tools are being used.

Additional News and Resources

Top issues to address when using automated employment decision-making tools

As we wait for the EU Artificial Intelligence Act to pass, AI enforcement is imminent in the U.S. On the federal level, we have both joint and individual statements from the U.S. Federal Trade Commission, Justice Department, Consumer Financial Protection Bureau and Equal Employment Opportunity Commission, as well as the White House's Blueprint for an AI Bill of Rights and follow-up Fact Sheet on new actions to Promote Responsible AI Innovation that Protects Americans' Rights and Safety. At the ...

Pulling back the layers on employee monitoring

The Wall Street Journal conducted a roundtable discussion with privacy professionals on the current landscape for employee surveillance and monitoring. Topics covered include how widespread monitoring has become, legal limits and ethical versus non-ethical deployments. Electronic Privacy Information Center Senior Counsel John Davisson, Gartner Vice President of Human-Resources Research Brian Kropp and Future of Privacy Forum Senior Vice President of Policy John Verdi took part in the conversatio...

Consent as legal basis for EU and UK employment

Consent is one of the EU General Data Protection Regulation legal bases that can be used to justify the collection, handling or storage of personal data. For consent to be valid, it must be clearly distinguishable from other matters, intelligible and in clear and plain language, freely given, as easy to withdraw as it was to provide, specific, informed and unambiguous (GDPR Article 6, 7 and Recitals 32, 33 and 43). In the employment context, consent is deemed to be problematic. An actual or per...

Vaccine credential systems: Considerations for US employers

Amidst the shifting employment landscape created by COVID-19, employers requiring employees to disclose their vaccination status has become a hot — yet murky — topic rife with privacy-related risks. Vaccination requirements are expected to soon “become dominant in the workplace” due to President Joe Biden’s recent COVID-19 Action Plan. Some employers will be required to impose vaccine mandates for their employees; some will be required to ensure their employees are either vaccinated or tested we...

CPRA could obstruct existing employment rights

Employment rights and obligations related to human resources data are about to get messy in California. On Jan. 1, 2023, California will become the first state to have a comprehensive data privacy law covering human resources data when the California Privacy Rights Act becomes operational. This change will leave both employees and employers confused regarding the interplay between the CPRA and employment laws because most of the rights under the CPRA either are already addressed or do not make s...

Return to office ‘a perfect storm’ of privacy issues for businesses

Offices around the world closed their doors more than one year ago as many sent employees to work from home while the COVID-19 pandemic unfolded. As vaccinations continue to progress at a steady pace, many employers and employees are eager to get back into the office. As they contemplate how to best take that step, organizations are facing “a perfect storm of all the issues privacy officers should be thinking about,” said WilmerHale Cybersecurity and Privacy Practice Co-Chair Kirk Nahra, CIPP/U...

Web Conference: Employee Health Data Collection Guidelines & Vaccination-Tracking Best Practices

Original broadcast date: March 10, 2021

Is your company following the U.S. Occupational Safety and Health Administration’s recommendations or state guidelines? Do you have a handle on where your health data is being stored, and is it accessible and secure? Companies now have a surplus of health data, whether it’s COVID-19 test or vaccination statuses or general health questionnaire data collected from employees. What are the requirements around keeping this data or disclosing it to your employees? In this privacy education web conference, we will answer these questions to help you understand best practices around health data record-keeping to help you develop a plan now.

Privacy in the Wake of COVID-19

The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities.

The perils of employee-collaboration tools and how to avoid them

The workforce of today in America looks very different from the one that existed even 20 years ago. Perhaps not gone, but certainly altered, is the image of the harried office worker stuck in traffic, delayed by weather or family concerns, and otherwise desperate to be present in their office between 9 a.m. and 5 p.m. Today, the rise of flexible work schedules, job shares and teleworking has created much-desired flexibility for many workers. In released statistics from a few years ago, more tha...

Employee privacy and the GDPR – Ten steps for US multinational employers towards compliance

The European Union’s (EU) new data protection framework, known as the General Data Protection Regulation (the regulation), is, at bottom, a response to the astonishing evolution in online commerce. As a result, only one of the regulation’s 91 articles specifically addresses the personal data of employees. This gap means U.S. multinational employers — especially those engaged in business-to-business (B-to-B) commerce — must carefully parse the regulation to figure out how it applies to their mana...

On Balancing Insider-Threat Protection and Employee Privacy

Recent industry studies (see sidebar above) reveal that insider threats are still one of the biggest corporate grey areas, and, to pile on, insider threats are rapidly becoming an information security challenge. Insider attacks are different from external attacks because insiders, such as employees, third-party suppliers or consultants, already have a foothold in the organization by being granted access to data. Privileged users pose a major risk because they are hard to detect and stop with tr...