Saturday, July 20, 2019

Employee Privacy During Employment

Employee Privacy During Employment In the world, which thrives on the internet and other electronic media to network with the job and non-job related communication, the employee privacy has become a concerned subject. But in the reality, the employee doesnt have much privacy. This document will display information on employee privacy during employment. We discuss background checks, electronic surveillance, the internet and email privacy and more. Employee privacy laws for both U.S. and European union are different in multiple ways. In this document, we will compare the laws by researching the various applicable employee privacy laws both the nations implement for the corporate sector. The two aspects of employee and employer relationship are monitoring employee and conducting background checks. United States European Union The diminished expectation of privacy at the work environment. At the work, environment employees are entitled to expect privacy. Monitoring of employees is okay if the employer is providing a full notice about the monitoring activities and its purpose. Failing to notice will subject the employer to liability Only on instances of important business need and specific instances employee can be monitored by the employer. It is much stricter than the US privacy laws. The privacy laws in use a patch work of the U.S. federal and state privacy laws which regulate the collection of data on certain instances of sensitive information protection of health or financial information, special protection for groups such as children, address the certain abuse of apparent market failure. The collection and use of personal data across all sectors is regulated with omnibus data protection laws. Table 1 United States vs European Union privacy law differences 2.1. United States The primary federal law leading the background checks in united states is the Fair Credit Reporting Act (FCRA). FCRA is applicable to both California and Illinois, the state laws can provide more rights to employees but they will not be able to take away the basics of FCRA. The FCRAs goal is to protect and provide accurate the information regarding the credit history, capacity, reputation and worthiness of the employee/consumer. FCRA is only applicable for the employers or firms and not for individuals who want to perform a background check on themselves or verify their credit reputation. Only particular agencies and employers are eligible for requesting FCRA for the background check. The employer who is requesting the background check must have be complied with certain other Federal and state laws. The employers who request for background check report for employment purpose, per the FCRA the employer or the agencies must provide the employee/ applicant a clear and noticeable printed notice about the change and receive a printed consent from the employer who is requesting the report. The documented printed should be a separate document and not part of another document. Agency who provide the background service for employment, the employer must be certified that the employer: Should have employees consent in printed format Must have provided notice to the employee. The reports information shouldnt be used in violation for equal employment opportunity regulation. Employer must be complied with FCRA requirements, before executing any action with the report In California, the FCRA has a plus, where it allows the applicants who have gone through background check view there report and know if any information is any inaccurate. And it also allows the employer to perform the checks. As FCRA in whole only allows the agency third party to perform the checks. In California, this process is called Investigative Consumer Report (ICR). An employer can only request reports for certain positions and per the categories the applicant must be informed. 2.2. European Union In the European union when the employer wants to run a background check on the applicants or the employees in the firm, to assess and verify the details, the employer must comply to the local member state laws at the firms location and the Data Protection Acts (DP Acts) for EU. Every member state has specific laws which affect the background check, specifically for criminal records. Every member states background check will have a different report. Local state Labor and Employment laws also have obligations on the checks. 2.2.1. France In France for background checks the employer must get prior permissions from the DP Acts in France it is called CINL, this is to collect information for background check. The employer only allowed to get personal information only which is directly relevant to the background checking. The law in France prohibits checks on credit transactions, even if the applicant is willing to provide. Only for certain categories of job position it can be retrieved and must be with consent and information which can be retrieved is limited. The applicants apply for certificate of good standing to get conviction, court record or legal judgements and proceedings. The employer must inform the applicant with the information about: Data transfer to United States People who will receive the information Purpose of the data collection Ability to correct data after its collection Mandatory questions CINL specifies that all the information about the applicant can be viewed and edited after submission of the application for checking. 2.2.2. Germany In Germany Bundesdatenschutzgesetz (BDSG) is the DP Acts that regulates the local law where the applicants personal information cannot be collected and processed without the permission from the applicant, consent is a must and lawfully. Only limited information can be retrieved from the applicant and any violation will lead to fine up to 300,000 pounds. The applicants work development experience and criminal history can be collected and processed. Only during the recruitment process, if failed a written consent will be required from the applicant. Credit worthiness cannot be checked under German DP Acts. 2.2.3. United Kingdom In UK, the information commissioners Office (ICO) regulates the DP Acts. Is very general background checks, they can collect information about the applicant for specific job. The difference is the ICO states that the data collected must be destroyed in a secure  Ã‚   manner within six months. 3.1. United States Electronic Communications Privacy Act (ECPA) denies monitoring and tapping of electronic, email, oral and wire communications. Only email accounts given by the employer can be monitored. Stored Communications Act (SCA) is about the stored messages and its access. It is unlawful to access the contents or electronic communication without authorization or intentionally. It also a violation to prevent alter the data in the storage. The SCA states that the employers being the service providers of the email communication service which is dedicated for the firm can be used to monitor the employees email communication and retrieve the email, this has been approved by the US Court. The employers are also reserve the right to monitor the internet usage of the employees in the firm. Employers already mention the policies which will be implied and is requested by the employees to go through them be aware of them being monitored. 3.2. European Union The European unions DP directives and telecommunication directive are considered also European Convention on Human Rights (ECHR) and article 29 working party opinion, all these laws are implied on the monitoring of employees. Monitoring of the employees by the employer is not encouraged until unless there are specific business needs. If the employer decides to monitor an employee then the Working Party asks the employer to follow certain guidelines and be complied, with keeping in mind the employees right to privacy: Transparency Necessity Finality Legitimacy Proportionality Accuracy and data retention Security 3.2.1. Transparency Monitoring is prohibited and is limited in few circumstances, All the policies must be accessible by the employees which specify about monitoring. The employers should clearly mention the actives which will be monitored. The employer should beforehand inform the employees about the monitoring activities. If any misuse is alerted, the employee must be informed about it at the earliest 3.2.2. Necessity Monitoring should be performed only if necessary for exceptional cases. The data related to monitoring  Ã‚   must  Ã‚   be destroyed securely and not retained more than the specified period. Privacy impact assessment must be performed before the monitoring starts. 3.2.3. Finality The data which is collected for monitoring, must be dedicated to the monitoring tasks only and should not be misused by using the data for other process and functions. All monitoring data is specific to the process requiring the monitoring. 3.2.4. Proportionality Monitoring of the employee data must be in scope and hidden monitoring actives must be voided by the employer. If the employer implements less intrusive monitoring of employee it is better.   Any important notification must be informed to the concerned member. Having an audio and video monitoring at a place which is expected to ensure privacy must be avoided. 3.2.5. Accuracy and Data Retention The data must be stored only for 3 months and not more. The data collected must be for the mentioned monitoring objectives.   The data collected must be retained and updated for the period of task which required the monitoring. 3.2.6. Security The employer must have in place protection for the personal data logged from monitoring and make sure the data is not being altered or breached. 3.3. France Employee must be informed before monitoring is initiated. The employer must define the policies properly with the mention of disciplinary actions. Before making the policies final the labor inspector must approve the internal rules mentioned in the policy. The related files and emails which are monitored must only be viewed with the concerned employees presence and only during an investigation. 3.4. Germany The employers communication facility must be prohibited to use, until necessary. Then the employee monitoring is approved. The employer is not allowed to tap, sniff or monitor the internet usage or email communication of the employee private internet provider. If email and document are mentioned as private or sensitive, they must be excluded from being monitored. The DPO and Works council must be involved and monitoring actives must be recorded and documented in a legal framework 3.5. United Kingdom Interception of communications and Regulation of Investigatory Powers Act(RIPA) regulate the monitoring laws. They specify the extent an employer can try to monitor and record the data of the employees. and, how the data is being monitored, is it internally or being sent over the network. Mobile device communication monitoring is allowing. The employer must inform the employees about the monitoring, adhering the transparency requirement. And any unlawful monitoring is same a criminal offense. 4. Conclusion Both the regions European Union and United States have different approached toward the employees privacy. In European Union employers, must justify every detail collected about the applicant or employee and the monitoring is nearly denied in law in France, Germany and United Kingdom, these state members impose their own laws. Alternatively, which in United States, the data collection from the employee and applicant is legal under the law until unless it is being misused and deviating from the purpose of the collected personal information. The employees monitoring is also allowing and is regulated under law. For JP Consulting Inc under both legal government administrations, a twofold method is reasonable, the Sites in EU must control the data collection and its monitoring activated per the local state member laws of France, Germany, United Kingdom and in U.S they can have monitoring and data collection extensively. https://www.privacyrights.org/consumer-guides/employment-background-checks-california-focus-accuracy http://leginfo.legislature.ca.gov/faces/codes.xhtml http://www.ftc.gov/os/statutes/fcradoc.pdf https://www.consumer.ftc.gov/sites/default/files/articles/pdf/pdf-0111-fair-credit-reporting-act.pdf http://blogs.dlapiper.com/employmentgermany/2016/10/18/background-checks-aka-pre-employment-screenings-in-germany/ https://www.loc.gov/law/help/online-privacy-law/germany.php http://webcasts.acc.com/handouts/Flick1[1].pdf http://employment.findlaw.com/workplace-privacy/employee-privacy.html https://www.mofo.com/resources/publications/monitoring-employees-striking-a-balance.html

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.