The information that Human Resources people process has become delicate. When it is managed through HRIS technology, it is called “big data” – not because of the volume of the data as much as the complexity. One apparently simple piece of info like a name flows through intertwined and integrated processes, available to many readers, and serving diverse interests. But, when you have accountability for the evidence of and direction of human behavior, you risk at least 4 ways privacy rights could get you sued.
4 Ways Privacy Rights accumulate:
- Identity: Every employee has a name, address, age, date of birth, and social security number. Some have photographs, passports, visas, and other picture identification. Some paperwork may include the names and contact information on relatives, scores from skills testing, and record of religious beliefs and military service.
- Money: Human Resources may input data on an employee’s bank accounts, financial history, and property liens and wage garnishment. This information may have been offered voluntarily by the employee or secured through a credit investigation by the employer.
- Health: A personnel file includes administrative information on employee’s medical and health insurance. That may include medical history, including admission of smoking, drinking, drugs, and rehabilitation. For some, there is evidence of disabilities and documentation for medical leaves of absence.
- Character: Some employers and some jobs require light to extensive background searches into employee credit and/or criminal history. This might include personal references, DMV and DUI history, and bankruptcy and debt records.
4 Ways Privacy Rights are guaranteed:
- HIPAA (Health Insurance Portability and Affordability Act): Federal legislation promised to protect health information from access, use, and sharing without the formal consent of the individual. The prohibition applies to medical providers, employers, and anyone in possession of or with access to the information. In California, this is strengthened by its Medical Information Confidentiality (MIC) code.
- GINA (Generic Information Nondiscrimination Act): Protects rights to privacy with regard to genetic testing.
- FMLA (Family Medical Leave Act): Keeps private the records attached to leave of absence and/or rehabilitation.
- FACTA (Fair and Accurate Credit Transactions ACT): Stops employers from abuse or misuse of information obtained through a background check on credit or crime.
In addition, interested legislators are looking for ways to protect employee emails, social networking, and personal work.
HRIS and Employee Privacy Rights:
Manually processed and managed employee records are exposed to extensive liability risk – even when you fully trust your Human Resources staff. To minimize this risk, you can physically secure records and train extensively in the needs to protect. You can resist access by executives and interested managers. And, you can seek support from your business attorney on compliance issues and best practices.
HRIS programs will support the methodology of managing employee records better than any warm bodies will. Assuming your data entry is accurate and secure, HRIS will obviate the need for most paper documentation. Technology can secure content without physical property and space. Well structured, HRIS will manage access to specific tracks of information to those with the training and needs-to-know authorization. And, you will enjoy the extra privacy assurances that the HRIS providers have built into the programs and their installation.
The use of HRIS does not guarantee 100% protection from abuse and misuse of employee privacy rights. Abuse and misuse, by definition, reflect malicious intent, and that is a whole other problem. However, HRIS greatly reduces the unintended abridgement of privacy rights that arises from human records processing and administration. It reduces the number of human hands, and it effectively manages those with easy access. Start working early with your HRIS provider and make sure they know employee privacy rights are a major concern for you and all your business stakeholders. Start the conversation with a focus on these 4 ways privacy rights could get you sued.
