Employees all have rights in the workplace. They have a right to be free of discrimination, they have a right to be paid fairly, and they have a right to their privacy. Federal and state laws are in place to protect these rights. All employees should be protected from being discriminated against or being treated unfairly.
In addition to the recent GDPR hype, mostly due to GDPR scaremongering by the media, there are laws that protect employees from unsafe workplaces too. You need to make sure that you conduct your business with these laws in mind and keep employees’ information and their families’ information private and confidential. What follows are five things you could be doing to breach these privacy rights.
With personal numbers on them, peoples’ work schedules can be printed. It makes contacting each other for work easier. However, when you put a roster up in public it puts you and your employees at the risk of identity theft. While it is not extremely likely to happen, it could.
Doing so could increase the risk of identity theft and it could, in some situations, cause problems for employees who have stalker issues. This could open up your business to lawsuits. It could be sued for harassment if the employee is subject to such stalking because their private information was accessible. Do not post private numbers in public.
Every employer and employee uses e-mail to communicate every day. Some correspondence is professional and some private. You want to avoid having extremely personal or private conversations by e-mail.
These could fall into the wrong eyes and then possibly forwarded to the wrong people. Alternatively, if you have a misunderstanding with someone, privacy can be made public to humiliate or otherwise upset another person.
Always keep e-mail a place to do professional correspondence at work. If you must be personal, keep it general.
All businesses must keep records. No one enjoys compiling and maintaining records but they must be kept. In Australia, employee records are held for seven years. US tax records for four years are kept on record. For injuries on the job, the period is 10 years. All records include various information like names, date of commencement, pay and other identifiable information. Kept online in a secure format is sensitive information.
You must keep records, but you also must know when to destroy that information. Holding on to information could subject your employees or your business to identity theft or legal problems.
Now that you have a personal data protection policy in place, you feel safe. That is just one part of the equation. You must also enforce your policy. Create the policy and make sure it accounts for the data that you obtain and retain.
Have employees sign printed copies of this policy and put a copy into each person’s HR file. This provides a paper trail that shows everyone knows the policy and that everyone has read a copy and understands it. If someone violates the policy, it is easier for you to document that they did know about it. You have their signed copy to refer to.
Employees want you to keep them safe. They will appreciate it if you work to retain their records and their privacy. Your business will also protect itself and its reputation.