HR is changing and is no longer just the paper-pushing admin department. Most HR departments are moving away from typical paper personnel files to e-files. Just because the files can no longer be stamped CONFIDENTIAL in large red letters doesn’t mean they shouldn’t be protected.

What is Data Privacy?

Data privacy speaks to the policies, practices, systems, and regulations that determine how one’s data is handled throughout the data lifecycle. This includes how the data is collected, how it is used, how it is stored and maintained, and how it is disposed of.

From the HR perspective, data privacy is crucial. A lot of personal data is collected on employees and organizations have a duty to ensure it remains private. HR should partner with IT, compliance, and legal counsel to create a thorough policy.

The policy should outline all the “hows” mentioned before. It should also clarify how data is shared, whether system activity is tracked, and how login information is secured. Additionally, the policy should include data retention timeframes, employees’ privacy rights, and any commitments to stakeholders.

State, Federal, and International Data Privacy Guidelines

There are also many federal regulations to keep in mind. Data privacy policies will have to incorporate any laws and regulations that might apply to the organization. A few federal laws to keep in mind are HIPAA, ECPA, FERPA, and FCRA. Not all laws will apply to every organization, but it is part of a company’s due diligence to make sure it is compliant.

Even stricter regulations might need to be factored in if the company operates in a state like California. In June 2018, California passed the California Consumer Privacy Act. The new law provides more rights to consumers and their data. It’s important to note that the term “consumers” is defined simply as California residents. This is key as that term can apply to not just customers or product end-users, but could include employees as well.

Globally, the conversation around data privacy is growing. In May of 2018, the EU passed the General Data Protection Regulation (GDPR). This is seen as one of the biggest overhauls to data privacy legislation in many years. A major aspect of the EU’s regulation is transparency. Employees must consent to how data is collected, used, stored, maintained, and disposed of.

This is especially true when you look past the typical personnel data needed for payroll, like SSN, date of birth, or addresses. Conducting background checks, drug screens, or credit checks will only increase the complexity of the data privacy policies. SHRM provides a great breakdown of GDPR and how it relates to HR functions.

Don’t Let Data Privacy Intimidate HR

HR is the gatekeeper for most of the sensitive data within the organization, and navigating the complex world of data privacy can be intimidating. Creating a detailed data privacy policy will help mitigate risk and minimize liability. But HR isn’t alone in the task. The policy should be a cross-team effort with support from various business functions like IT, compliance, and legal. Buy-in from senior leadership is essential to making sure the policy becomes a part of the organization’s culture. Additionally, make sure the data privacy policies of any third party that data is shared with align as well. No policy is effective if it’s not valued and supported throughout all levels and aspects of the business.

While data privacy is scary, your HR metrics shouldn’t be. An HR dashboard can be the tool you need to help you maintain compliance in this data-heavy world. Sign up for a free demo of our automated HR dashboard today!
