TMI: Balancing HR Data and Employee Privacy Rights

April 25, 2019 - minute read

Balancing HR Data and Employee Privacy RightsHR data offers employers a powerful tool that can facilitate enhanced productivity, drive talent acquisition, fuel performance management, and more. However, that treasure-trove of valuable employee data also carries a weighty responsibility: to use it appropriately and keep it secure.

As organizations implement new workforce data collection technologies, it’s raising new privacy concerns for employers and employees alike. While HR has always been responsible for maintaining confidentiality of sensitive employee information—Social Security numbers, reference checks, performance reviews, salaries—this is a whole new ball game.

According to an Accenture Strategy survey of 10,000 workers and 1,400 C-level executives, companies are eagerly adopting new data collection technologies—and it concerns their employees. Sixty-two percent of C-level executives confirmed that their companies are using new data collection methods. But while 92% of employees said they were open to it—provided there is a clear benefit—nearly two-thirds said they also worry their information will be compromised.

In addition, beyond existing federal privacy laws, a number of states are passing new legislation that protects employee data privacy. As a result, new data privacy trends are emerging, as employers, employees and legislators work to strike a balance between what’s good for business and what’s nobody’s business.

Webinar Maintain Biometric Privacy and Avoid Liability

Redefining How Background Checks Are Conducted

No one questions that background screenings are necessary to making good hiring decisions. However, when employers initiate preemployment background checks, they’re requesting sensitive personal data that, handled incorrectly, can become a liability.

For this reason, a growing number of employers are outsourcing background checks to third-party service providers that carefully curate the information they share to protect employers and potential employees. The Society for Human Resource Management (SHRM) recommends using screening services with NAPBS (National Association of Professional Background Screeners) accreditation to ensure compliance with the Fair Credit Reporting Act (FCRA), the Equal Employment Opportunity Commission (EEOC) and related laws.  

The same goes for social media checks. While it’s tempting to investigate a candidate’s social media persona, they risk uncovering off-limits information that can taint the hiring process. For this reason, more employers are relegating this task to screening services as well.

The Widening Impact of the GDPR 

Last May, one of the most sweeping data privacy laws in several decades went into effect: the European Union’s General Data Protection Regulation. The GDPR, which strengthens the data privacy rights of EU residents, not only impacts European employers, but U.S. employers that have EU-based employees or sell to EU customers.  

Under the GDPR, companies that collect personal data on EU citizens are highly accountable for it. They can be fined up to 4% of annual global revenue or $23 million (whichever is greater), if that data is infringed on or if a security breach is not reported in compliance with GDPR.

Subsequently, California approved a similar law, the California Consumer Privacy Act (CCPA), set to go into effect on January 1, 2020.  Since the start of the year, at least six other states have introduced similar legislation. While the focus of these bills is consumers, not employees, they indicate an increased prioritization of an individual’s right to privacy and may be the harbinger of future legislation. 

Managing Biometric Data: BIPA Legislation  

As biometric technology has become more advanced, more employers are using it—in the form of fingerprints, facial scans, eye scans and voiceprints—to identify employees. Biometrics are used to punch in and out of time clocks, unlock security doors, and provide access to devices and company software.

To date, three states have passed laws regulating the collection and storage of biometric data. After Illinois passed the Biometric Information Privacy Act (BIPA), Texas and Washington followed suit. Now, Michigan, New Hampshire, Alaska and Montana are considering similar legislation.

BIPA requires companies to follow very specific protocols with regards to the way biometric data is collected, stored and disposed of. In Illinois, employees have the right to sue for damages if their biometric data is incorrectly handled. More than 200 class action lawsuits are currently pending in Illinois state Courts—and the number is expected to grow.

Staying Ahead of Data Privacy Laws and Issues

As data collection technology evolves, the issues surrounding employee data privacy are evolving, too. It’s in every employer’s interest to stay up-to-date as possible—though it’s no small feat.

There’s one easy way to get current on biometric data privacy. Attend our upcoming webinar, “How to Maintain Biometric Privacy and Avoid Liability with Confidence”—and in less than an hour, you’ll be up-to-speed on biometrics and privacy laws, two of the most critical HR issues of the modern age. Register on  

Filed Under: Compliance