Is It Legal for Hr to Disclose Personal Information

Many workers are concerned about their privacy rights and their employer`s access to sensitive and personal information. And rightly so! From the moment someone applies for a job, the employer has information from your home address, date of birth, and even your Social Security number. Gone are the days when the disclosure of personal information did not put the individual at risk of identity theft and other crimes. That`s why it`s important that you know exactly what your legal obligations are when it comes to protecting your employees` privacy. Has your employer disclosed your personal health information to your employees? Does your employer install visible cameras above the company`s cash register? Do you feel like your employer has hired a private investigator to monitor where you go after work? Data protection has increasingly become a burning issue. Employers need to recognize the importance of emphasizing the need for a thorough and consistent approach to protecting HR and performance data as a risk management and compliance issue, as well as a public relations issue. As employers emphasize confidentiality and privacy both internally and externally, all parts of the organization should be encouraged to demonstrate what they are doing to protect personal information. Many state laws also prohibit employers from sharing medical information with unauthorized persons. These state laws are not preempted by HIPAA if and to the extent that they provide better data protection than HIPAA. The mission statements and corporate philosophies of many organizations include confidentiality as one of the principles and principles of business ethics. Listed companies almost always warn their employees of the consequences of insider trading, based on knowledge of the company`s strategy. Penalties for using company information for personal purposes can include hefty fines and jail time.

However, the line is somewhat blurred when employers share employee information with their colleagues. Employee information disclosed may vary from state to state. You want to make sure you`re up to date with your state`s laws protecting your employees` privacy, as well as federal laws. An employer`s legal obligations regarding maintaining the confidentiality of employee data are potentially extensive and include the following: What constitutes “personal data” from a legal perspective may vary from state to state. Recent legislation in California (discussed later in this article) defines this information as follows: Tulane University`s online Master of Jurisprudence in Labor and Employment Law School provides you with in-depth training in the legal aspects of human resources practice that are essential for dedicated professionals in the field. Learn about our program, which covers privacy in the workplace, as well as labor discrimination law, negotiation, intellectual property, and more, and master the legal intricacies of labor law in just two years. Beyond these restrictions, the disclosure of employee information is largely unregulated. In fact, as part of outsourcing administrative functions, many employers share a variety of employee personal information with third-party vendors. The largest provider of its kind, the work number, handles all of a company`s reference checks, if the company reciprocates by providing the work number with information about its own employees. In addition, in some cases, the work number transmits this information to its parent company, Equifax, which in turn may sell the information to lenders and collection agencies.

These activities are currently legal. However, if the employee can prove that the disclosure affected his or her privacy, that the disclosure of the information would be offensive to a reasonable person of ordinary sensitivity, and that there is no legitimate public concern, the employer is liable for the invasion of privacy. For example, that an employee is HIV-positive or a member of Alcoholics Anonymous. Laws, both federal and state, set limits on the employee information employers can disclose. For example, the Americans with Disabilities Act requires employers to separate information about an employee`s medical condition from the employee`s personnel record and treat it as a confidential medical record. Under the ADA, this information can only be shared with supervisors and managers regarding accommodations the employee needs, first aid and safety personnel if the employee requires emergency treatment due to their disability, and government officials investigating ADA compliance. While this incident did not involve employee data, it is just the latest in a series of high-profile data breaches that have prompted employers (and state legislators) to focus more intensely on what should be done to protect the privacy of personal data, including employee data. in the hands of employers. Following the passage of a law in California in 2002 requiring companies to take certain safeguards to protect personal information (and disclose it promptly in the event of a security breach), a number of other states followed suit with similar laws. These government efforts follow federal legislative initiatives to better protect personal and health financial information. California`s laws will certainly become a national framework for workers` privacy rights. For the latest information on legislation in your state and beyond, visit the Complete Payroll blog.

We have articles on privacy and much more to answer all your questions about HR and payroll. State laws for the protection of personal data. In 2004, California enacted a law requiring companies that store computerized data containing personal information to notify the owner of that data of any data security breach immediately upon discovery of the breach if the personal information was acquired by an unauthorized person or can reasonably be assumed. The law defines “personal information” as an individual`s first or last name combined with a Social Security number, driver`s license number, California ID card number, medical information, or credit card, bank account, or debit card number (in combination with a security or access code). Appropriate notification of a security breach includes, in appropriate circumstances, written, electronic or replacement notice (e.g. a prominent notice on the employer`s website or a notification to the national media). Some states have gone beyond the requirement to notify employers and require or encourage employers to take certain measures to ensure the security of personal information. For example, Colorado law requires employers to develop a policy for the proper destruction or disposal of paper records containing “personal information.” Employers may even be required by law to notify prospective employers and others who must be notified of an employee`s termination if the employee has been terminated for violent behaviour, theft, sexual misconduct or other misconduct that may endanger the health or safety of others.

If the personal data disclosed is not a legitimate public concern, disclosure of the information would constitute an invasion of privacy and employers could face serious consequences. Employee performance records. There is a growing realization that certain information about benefit plans and plan members is an “asset” of the plan that should not be shared or misused in a way that is not in the best interests of plan members.