In a guest article for Corporate Compliance Insights, Constangy partners Ashley Orler and co-author Sarah Rugnetta explored updates in employee data privacy compliance, especially related to emerging technology like AI and biometrics.
In the article, “Data Privacy Laws Protect Consumers, But They Can Apply to Your Employees, Too," Orler and Rugnetta noted that, while consumers are at the center of most data privacy compliance conversations, the rights of employees are also significantly important. California is the only state that has explicitly regulated employee data in their comprehensive data privacy law, but other states still regulate the collection, use and disclosure of employee data.
Biometrics are regulated in Illinois by the Biometric Information Privacy Act (BIPA), which requires that companies provide written disclosure of the collection, use and retention of employee biometric data to employees. Employees must also consent to the practice before it occurs.
The California Consumer Privacy Act (CCPA) covers data privacy disclosure beyond companies that are geographically located within its borders, meaning that any company that does business or could collect data from residents in California is also subject to complying with the regulations outlined in the law.
Elsewhere, New York has recently prohibited employers from using particular automated systems when handling employment decisions without a yearly audit of bias.
Different states have different rules and regulations regarding data privacy that change how employee data is handled. Companies must be diligent in keeping up with the latest laws that are applicable to the areas that they conduct business in to avoid penalties. Orler and Rugnetta recommended assessing applicable laws, conducting a comprehensive audit, implementing robust privacy policies, conducting regular training on handling personal data, obtaining informed consent from all parties involved in data collection and retention, leveraging technology responsibly when handling personal data, minimizing data collection and retention, and being transparent about employee monitoring.
“As the legal environment continues to evolve, staying proactive and informed will be key to successfully managing employee privacy and data protection challenges,” advised Orler and Rugnetta.
To view the full article, you may click here.