Posted in:HR Information Management
An employer-employee relationship is a two-way street, with rights, obligations and responsibilities on either side. When it comes to employee data, employers have an ethical responsibility – and indeed a legal responsibility as well – to ensure employee records are utilized, managed, and stored in a manner that does everything possible to prevent a privacy breech or data leak.
What the Law Says
In Canada, federal legislation protects employees from coast to coast in the form of the Freedom of Information and Protection of Privacy (FOIP) Act. This Act governs matters including access to personnel files, what information an employer can collect about an employee, what information an employer can release and under what circumstances, and more.
At the provincial level, the provinces have their own legislation concerning matters of privacy. In Alberta, the relevant legislation is the Personal Information Protection (PIPA) Act. PIPA’s overarching purpose is to “balance an individual’s right to have his or her personal information protected, and the organization’s need to collect, use and disclose personal information for purposes that are reasonable.” Other provinces have similar laws in effect; in British Columbia, for example, the applicable legislation is also called the Personal Information Protection Act.
It is crucial that employers have a solid understanding of these laws, how they impact company best practices, and what their obligations are in regard to safeguarding employee information. Your Honiva HR Services Consultant can help you navigate these laws to ensure you have a strong Employee Information Management Program in place.
Employer Best Practices
There are some key things employers should do in order to safeguard employee information:
• As with any business record, employee records should be stored in a secured location (physical and digital).
• Access should be restricted to only staff who need the data/information to carry out work for business purposes.
• Every company should have policies around Confidentiality, Intellectual Property, Acceptable Use (internet, email, social media) that speaks to employees being cautious about what information is collected and shared. There may also be a piece in Respectful Workplace policies to curb gossip and inaccurate information sharing.
• Be extremely careful when transmitting confidential and privileged information, such as it relates to employee pay, performance, discipline, notes on open investigations, and biographical information. Where possible, nothing should be shared through external USB flash drives, which can easily be lost or stolen.
A good practice is to implement a Records Use and Retention Policy with stakeholders from HR, Finance, Document Control, IT, and Legal. That way, employees are more aware of how their information is being managed.
Here to Help
We can be reached for a free confidential consultation at +1-403-470-5350 or [email protected] For further details on additional HR service offerings, please visit our website at https://www.honiva.com or follow along for more informative tips by joining us on LinkedIn, Facebook, Twitter, or Instagram. We also run a complementary LinkedIn and Facebook group called “Insights by HonivaHR” where you can access free information on how to become an effective and legally compliant employer. Or you can sign-up for our quarterly newsletter to have help sent straight to your inbox from our company homepage.