| Employee Privacy – Collecting and Protecting Information

Employee Privacy – Collecting and Protecting Information

Posted by Caitlin McCuaig

May 1st, 2019

A good employee – employer relationship is built on trust. Throughout the hiring process and as employment begins, employees are required to give personal information to their employers such as birthdate, address, and possibly even medical information for insurance purposes. There is a delicate balance between how much information an employee should be required to provide to their employer and what is reasonable for the employer to request. In addition, once this information is collected, it is the duty of the employer to ensure that this information is stored securely. The Personal Information Protection and Electronic Documents Act provides clear guidelines on how public institutions such as business can collect private information and how it must be securely stored in Canada.

So how much information does an employer need to collect from their employees. In Ontario there is no specific guideline stating how much, and what type of information an employer can collect from their employees. Here are a few tips that will help employers collect information ethically and reasonably.

• The employer should state what personal information it collects from employees, why they are collecting it and what will be done with this information.

• Collection, use, or disclosure of personal information should normally be done only with an employee's knowledge and consent.

• The employer should only collect personal information that is necessary for the stated purpose, and collect it by fair and lawful means.

• The employer should only use or disclose personal information for the purposes that it was collected for, keep it only as long as it is needed, and release information if required to disclose by law or court order.

• Employees' personal information needs to be accurate, complete, and up-to-date.

• Employees should be able to access their personal information, and be able to challenge the accuracy and completeness of it.

Employers can unintentionally violate their employees with the best intentions. An example of this is birthdays in the workplace. While people enjoy acknowledging their co-workers’ birthdays, not everyone appreciates this being public information. A good way to protect your company is at the time of onboarding, require that each employee to sign a release allowing their birthday to be posted on the company website or requesting that it not be disclosed. Developing a healthy employer – employee relationship with a foundation of trust is crucial to retaining employees and creating a friendly workplace.

References

https://www.priv.gc.ca/en/privacy-topics/privacy-a...

https://www.priv.gc.ca/en/privacy-topics/privacy-l...