2021 will be the year to focus your attention on Employee data privacy
According to Forrester Research Inc., regulatory and legal activity related to employee privacy will increase 100%. “Consumer demand, innovation, and the pandemic are changing the way we work and igniting employers’ desire to collect, analyze, and share employee personal data.” Read their full article here.
Is your business ready for the time-consuming task of locating and providing personal information data to current, former, and prospective employees?
Hundreds of thousands of companies will be subject to the employment data inclusion aspect of California Consumer Privacy Act (CCPA). While some companies may have been taking steps to prepare, the COVID-19 pandemic has most likely delayed forward progress. While legislation is pending, industry experts believe the focus will return in 2021.
Similar to customer data, employee data includes a massive universe of information, typically stored in digital platforms by various departments, in multiple locations. Preparing for this task includes locating employee information in the same way it is done for consumer information, and preparing responses to individual rights requests around that data. Finding, collecting, reviewing and packaging that data in response to a rights request can be a lengthy and costly process.
How does your business plan to operationalize the increased investment in resources, systems, and tools to address a significant surge in the number of requests once rights are opened up to employees? Follow the steps below to position your business for success.
- Map data sources: Employment information spans current and past employees, as well as job applicants. It can be spread around among various systems or partially processed by third parties. Data maps and inventories will ensure you can find the full scope of information in question and adequately respond.
- Identify sensitivities: Employees may be hesitant about exercising their individual rights with their employers out of concern that they might inadvertently risk their good standing with superiors. Build steps into your processes that ease the burden for employees and those fulfilling access requests.
- Create repeatable processes: Strong processes are key to maintaining and demonstrating data privacy compliance. Consider how to safely provide requested data electronically, documentation of the controls in place to protect sensitive information, how requests are fulfilled, and legal parameters for when certain data requests can or should be denied.
- Contingency planning for breaches: Breaches of employment data can put employers and employees in a difficult position, but if the issue is addressed using best practices, everyone will benefit.