When we think about data privacy and complying with data regulations, the first thought that comes to mind is how the consumer’s data is stored, processed, and shared. It is not just the consumer’s data that is supposed to be protected but also the data of your employees within the system. Privacy laws like the CCPA and GDPR are primarily focused on consumers’ personal data, but also impacts the data collected by employers of their employees.
According to CCPA Section 1798.150 and employment attorneys, Justine Phillips and Jessica Gross, there are three critical points that an organization’s HR department needs to keep in mind with regards to privacy regulations:
- “It requires mandatory privacy notices and disclosures about the data collected by employers and purpose for collection.”
- “It provides for statutory damages ranging from $100-750 if sensitive personal information is breached.”
- “It expands the right to request access/deletion of personal information.”
In other words, the HR department of an organization also has a huge responsibility on their hands, and failure to comply with these three points could result in heavy payment and penalties, both as fines and statutory damages. This article will talk about the steps that can be taken by organizations to comply with these regulations.
Steps towards compliance
In order to have a robust HR strategy, the first step before anything else is to check state laws and ensure that your organization is compliant with relevant data privacy laws.
- Understand what laws apply to your organization. Data privacy laws are constantly evolving, and the HR of an organization should be aware of all the pending bills on data privacy regulations. It is often advised to set up automated alerts that will save you from business attacks and inform you about new cybersecurity and data privacy laws.
- Assess your organization’s compliance requirements. Data privacy laws are different depending on location, industry, clientele, and types of data being processed. It is important for the organization to be aware of what compliance requirements it fulfills and what kind of laws apply to them.
- Expand your knowledge base. Become well versed about data privacy matters to help inform employees and clients about their data privacy rights. The better your understanding of data privacy, the more effective you will be in advising leadership on how these regulations impact a company’s business.
- Set expectations with staff. The HR department needs to stress the importance of protecting a person’s sensitive information and what it means to adequately balance individual privacy concerns against the requirements of running a business. Organizations need to create a culture of compliance while applying the best practices.
- Maintain transparency. HR professionals need to go beyond knowing employment laws or understanding cybersecurity. Viewing data privacy and compliance through the lens of relevant laws and regulations will help inform HR professionals on where HR data should be kept and how best to store and protect it. This will create trust among employees, third parties, and even clients.
What does the future hold?
2021 will give birth to new laws and regulations which will increase the protection of your employees. This is added with layers if a company is working nationally or internationally (international organizations need to comply with the European GDPR as well as other global privacy regulations)
This would mean that organizations need to be transparent about the data that they store about their employees and also protect this data from any sort of breach. Failure to do so could result in heavy fines and penalties. Employees have the right to know what kind of data is being collected by their employer and how it is being used.
The current global pandemic has caused a massive drop in employment, but this is still temporary. People will get new jobs, and when they do, organizations need to be careful during the onboarding process, being mindful of all the data that they collect, how they use it, and how it is stored in a secure manner.
Key takeaway
Employees have rights just as much as a consumer, and it is the HR department’s responsibility to provide the employees with these rights. These rights include the right to access and deletion of information. Organizations are also responsible for protecting the stored data and have full transparency of the data that is collected. Organizations store a lot of data about their employees, and these are things that they never used to do, without even realizing they are doing it.
Organizations may be able to track everything from when the employee wakes up in the morning to where they go on the weekend. In light of all this data being collected, the employees deserve to know what data their employers are using and how they are using it.