Archives: Privacy

Subscribe to Privacy RSS Feed

Private investigations video doesn’t leave employer in dire straits (EU)

In January 2018 we wrote about Ribalda –v- Spain, a European Court of Human Rights case in which a number of supermarket employees were awarded compensation for breach of their privacy rights. They had been stealing quite handsomely from their employer over some months, as they freely admitted, but nonetheless thought it entirely improper that … Continue Reading

New York Strengthens Data Privacy and Security Protections: Employers Must Adopt Safeguards (US)

Joining the growing list of states enacting privacy and data security laws, on July 25, 2019, New York’s governor signed into law the “Stop Hacks and Improve Electronic Data Security” Act (the “SHIELD Act”), amending the state’s data breach notification and cybersecurity law. The SHIELD Act applies to “any person or business that owns … … Continue Reading

When employee consent is the start of the problem, not the end – the GDPR shows some teeth

The Greek Data Protection Authority has imposed a 150,000 EUR fine on PriceWaterhouseCoopers Business Solutions SA for – get this – asking their employees’ consent to process their personal data. It may strike you as counterintuitive (and going against everything your mother ever told you) that asking consent could get you into trouble, but where … Continue Reading

Employee Data Subject Access Requests in the UK: Part 4 – how to deal with mixed data

In part 1 of this blog series, we asked how employers facing a Data Subject Access Request (DSAR) should be dealing with ‘mixed data’ cases, i.e. when a third party’s personal data is intertwined with that of the requester? Mixed data comes in many forms; for example, an email from John to a colleague saying … Continue Reading

Employee Data Subject Access Requests: Part 3 – DSARs and proportionality – limiting the search (UK)

Some DSARs can be wonderfully straightforward: “Can I have a copy of my personnel file?” “Absolutely, here you go” “Can I have a copy of the notes from my appeal hearing?” “Of course, all yours. Any time” However, a large number of DSARs submitted by employees are far more taxing: “Can I have all personal … Continue Reading

Employee Data Subject Access Requests: Part 2 – It’s complicated – extending the DSAR deadline (UK)

In the second of our five part blog series on Data Subject Access Requests (DSARs), we examine the notion of “complexity” and how that might affect the way you respond as an employer to a DSAR. What is “complex”? Under the General Data Protection Regulation (GDPR), data controllers must respond to DSARs “without undue delay … Continue Reading

Employee Data Subject Access Requests: Part 1 – where are we now and what questions remain? (UK)

Just when we thought we were getting to grips with some of the stickier issues around Data Subject Access Requests (DSARs), then along comes the EU General Data Protection Regulation (GDPR) and numerous new ambiguities over how its DSAR provisions might work in practice.  We are waiting for the ICO’s guidance and update on its … Continue Reading

What’s Your Number? Be Careful When Asking Your Japanese Employees.

In many countries, individuals are identified by a unique number issued by the government. Probably the most ubiquitous example is the Social Security Number in the United States, which is generally necessary to obtain employment, open a bank account or obtain a driver’s license, and is used for credit monitoring and other private sector purposes. … Continue Reading

Sexual Harassment Claims Put Non-Disclosure and Arbitration Agreements Under Scrutiny, Resulting in a Flurry of Legislative Action

In the current climate where sexual assault and harassment allegations against Hollywood elite, Congressmen and news anchors have triggered a wave of “me too” allegations, several tools commonly used by employers to shield themselves from liability have come under attack, including non-disclosure agreements (NDAs) and arbitration agreements. Many employers require employees to sign NDAs as … Continue Reading

Illinois Employers Face A Recent Rash of Class Action Lawsuits Filed Under State Biometric Information Privacy Law

Illinois enacted its Biometric Information Privacy Act (“BIPA”) in 2008 to regulate, among other things, employer collection and use of employee biometric information.  Biometrics is defined as the measurement and analysis of physical and behavioral characteristics.  This analysis produces biometric identifiers that include things like fingerprints, iris or face scans, and voiceprints, all of which … Continue Reading

California Latest State to Adopt No-Ask Law

On October 12, 2017, California Governor Jerry Brown signed a salary privacy law prohibiting California employers from seeking or relying on salary history information, including compensation and benefits, about an applicant for employment. Agents of the employer, such as recruiters, are also prohibited from seeking for this information. Further, upon reasonable request, employers must provide … Continue Reading

Spying on an employee in France breaches his right to privacy, even where he is committing breaches of his employment contract

The French Supreme Court recently ruled that an employer could not rely on the report of a private detective it had hired to spy on one of its employees to obtain an injunction against him because this was a breach of the employee’s privacy and that could not be justified, however legitimate were its concerns. … Continue Reading

Icing on the cake for Facebook privacy laws & the impact on your workplace

While Facebook continues to produce evidentiary gold for employers seeking to prove employee wrongdoing, a recent New Zealand case demonstrates that privacy settings can’t be ignored. In a recent ruling, the New Zealand Human Rights Review Tribunal ordered an employer pay an ex-employee a hefty $168,000 after it wrongfully accessed her Facebook page and maliciously … Continue Reading

Keeping your eyes on the road – are there limits to a UK employer’s monitoring of staff movements?

How would you feel about your employer knowing where you are 24 hours a day? News reaches us of a claim by an employee dismissed in the US for deleting a smartphone app Xora which her management had required her to install as part of its mobile workforce management systems.  Xora bills itself (with callous … Continue Reading
LexBlog