Privacy Laws and Your Business: What to Know
Employees expect their employers to safeguard their personal information. Social Security numbers, medical information and other sensitive information must be safeguarded from prying eyes. As an employer, you and your human resources staff must be cautious about who can access such information and how it is treated.
What Information Must Be Kept Private?
Sensitive information must be kept confidential. This includes an employee's:
- Social Security number.
- Other personally identifying information.
- Salary information.
- Health status and medical records.
- Performance reviews.
- Workplace injury reports.
- Reference checks.
Employers must take reasonable precautions to safeguard this information. Locked offices and file cabinets, for example, safeguard paper-based information against identity theft. Personal information located on corporate databases should be encrypted and secured with passwords accessible only to managers and human resources personnel. If a data breach occurs, your methods may be called into question and investigated, so have solid protocols in place for securing and safeguarding personal information.
All companies should have a document shredder in place to completely destroy paper containing confidential information. Additionally, if you store documents off site, check the policies for how your storage facility safeguards information. With identity theft rampant today, it's important to close off any access to potentially confidential employee information.
Privacy and Confidentiality Around Workplace Issues
One area that can be difficult to navigate is that of privacy and confidentiality around complaints, issues or incidents reported by employees to management. An employee's complaint about job safety, a coworker's suspicious activities or allegations about unwanted sexual advances must be treated both sensitively and confidentially. Managers and human resources staff must develop skills to investigate situations without compromising anyone's private information or disclosing confidential information.
Reinforce Confidentiality in the Workplace
As with many human resources tasks, a written protocol should be in place regarding workplace privacy and confidentiality. New hires must be trained according to how your firm handles sensitive information. Although it may seem logical and intuitive to many people, younger people raised in the fishbowl age of social media may not consider much information private anymore. Set forth your expectations clearly to all new hires about what information is considered private. This helps get everyone on the same page, and avoids problems stemming from inadvertent confidentiality breaches.