Employee privacy laws around the world
By Vivian Wagner, special to Workplace Tribes
Employee privacy laws vary greatly between the United States, Canada, and member states of the European Union. Privacy laws around the world are complex, convoluted and ever-changing, with regular alterations and updates in legislation and case law, but here are some basic principles to keep in mind:
United States
U.S. privacy law is actually a combination of laws and statutes, including federal legislation, state legislation, the U.S. Constitution, and common law.
Many U.S. privacy rights are enshrined in the Constitution.
Most U.S. laws regarding privacy, dating back to the Constitution itself, protect individuals from governmental invasion of privacy. Several acts in the U.S. strengthen these protections, including The Privacy Act of 1974 and the Privacy Protection Act of 1980.
Recently, however, there has been more of a focus on protecting individual privacy in the private sector.
One of the key acts affecting the employer/employee relationship is the Health Insurance Portability and Accountability Act (HIPAA), which provides protection of personal health information. Employers must be careful not to violate HIPAA when gathering, storing, and using medical information, but there are exceptions.
"The HIPAA Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes," explained Paul Hilton, a human resources consultant based in Sumter, S.C. "It gives you rights over your health information and sets rules and limits on who can look at and receive your health information."
Hilton notes that employers in the U.S. should also be aware of the following:
- The Stored Communications Act (SCA), which prevents employers from listening in on employees' phone calls or accessing unopened emails
- The Fair Credit Reporting Act (FCRA), which requires obtaining an applicant's consent before using a third party to do background checks
- The Genetic Information Nondiscrimination Act (GINA), which prohibits interview or application questions that lead to a disclosure of a person's genetic information
Canada
In Canada, a government office (The Privacy Commission) is devoted to studying and protecting privacy rights.
Unlike the U.S., Canada centrally supervises the private sector's use of personal data. Two main acts govern privacy in Canadian law: The Privacy Act, which regulates the federal government's use of personal data, and the Personal Information Protection and Electronic Documents Act (PIPEDA), which regulates the private sector.
The Office of the Privacy Commissioner of Canada recommends the following guidelines in order to ensure compliance with the country's laws:
- Tell employees what personal information you're collecting, why you're collecting it, and what you'll be doing with it
- Obtain an employee's consent when collecting, using, or disclosing any personal information
- Collect only the information needed for a stated purpose
- Keep information only as long as it is needed
- Make sure that the information you collect is accurate, complete, and up-to-date
- Allow employees to access any personal information, and to challenge or correct any errors
European Union
The European Union has tougher privacy laws than either the U.S. or Canada. The European Privacy Directive of 1998 imposes strict limitations on what personal information employers can collect about employees, how they can collect it, and what they can do with it.
In Europe, employers must obtain an employee's consent before gathering almost any personal information, and employee monitoring must be kept to a minimum. The safest practices are:
- Limit personal questions, both on applications and in interviews
- Always seek an employee's consent before gathering data that could be considered personal or private
- Avoid monitoring employees' emails, phone conversations, or other communications, even when they're conducted using company computers, phones, or other equipment
For U.S. companies dealing with member states of the European Union, these rules can be particularly difficult, especially since the passage of the European Commission's Directive on Data Protection in 1998, which prohibits the transfer of personal data from the EU to non-EU countries.
For U.S. companies doing business in Europe, a "Safe Harbor" certification can be obtained that allows for the transfer of data, if they ensure their privacy policies are up to EU standards.
Privacy law is complicated, both in the U.S. and around the world. With some care, however, as well as good legal advice, employers can ensure that they remain within the bounds of the law.