Employee Privacy Versus Employer Privacy
Privacy is important to both employees and employers. If private information is leaked, both parties are exposed to possible harm. In this article, we will look at these two viewpoints separately, and then think about the common concerns between them and the actions that can be taken to safeguard sensitive knowledge about the company and its workforce.
Employee Privacy
In order to function effectively, businesses need to hold a certain level of knowledge about their staff; this is subject to the Data Protection Act, which imposes conditions on how it can be processed and how it must be stored.
If companies operate policies in accordance with the Act then their workers will find that their data is protected. For example, personal details cannot be transferred to a country that does not have the legal infrastructure necessary to ensure their protection.
People have the right to access the details that any organisation, including their own employer, holds about them. They are also permitted to correct the records if they find them to be inaccurate, and to ask the company’s data controller to ensure that these corrections are applied to the originals.
Employer Privacy
The majority of articles on this website are concerned with privacy from the point of view of employees. However, businesses also have certain similar expectations. For example, workers who are informed of trade secrets are normally obliged to keep these confidential even if they subsequently go to work for someone else.
Businesses will often ask potential staff or contractors to sign non-disclosure agreements if they need to be made aware of specific secret details about the company’s operation before they can decide whether to take the job. Similarly, employees may be tied into non-compete agreements where they are not allowed to work for a direct competitor or current client for a set period of time if they choose to resign.
Companies need to make sure that their workers take sensible precautions when handling their data, not just that relating to living people, but everything held within the company.
A business’s reputation or profitability could be seriously damaged by carelessness in the way its workers choose to store and transfer electronic records. For example, open wireless connections could enable unauthorised access to confidential information, as could allowing unencrypted files to be taken into the outside world on laptops, CD-ROMs, memory sticks and so on. Businesses should put policies in place to prevent such lapses of security, and should ensure that staff receive adequate training in the importance of following these precautions.
Bringing These Concerns Together
There are two aspects to maintaining control of sensitive records: organisational policies and personal trust. If either of these things is found wanting, it will be difficult to prevent private details from being used inappropriately.
Comprehensive policies, strictly enforced, are a necessary foundation for ensuring that private information about both the organisation and its employees is collected, maintained, processed and disposed of in a confidential manner. But it is also necessary to build on this policy framework by instilling in the workforce a respect for the privacy of sensitive details. Only the combination of these two factors ensures that private information is kept confidential for the benefit of all.
The EU General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.
Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold. If you do not believe that an organisation that you have entrusted your records to is behaving responsibly, you have cause to complain.