In part 1 of this blog series, we asked how employers facing a Data Subject Access Request (DSAR) should be dealing with ‘mixed data’ cases, i.e. when a third party’s personal data is intertwined with that of the requester? Mixed data comes in many forms; for example, an email from John to a colleague saying … Continue Reading
Some DSARs can be wonderfully straightforward: “Can I have a copy of my personnel file?” “Absolutely, here you go” “Can I have a copy of the notes from my appeal hearing?” “Of course, all yours. Any time” However, a large number of DSARs submitted by employees are far more taxing: “Can I have all personal … Continue Reading
In the second of our five part blog series on Data Subject Access Requests (DSARs), we examine the notion of “complexity” and how that might affect the way you respond as an employer to a DSAR. What is “complex”? Under the General Data Protection Regulation (GDPR), data controllers must respond to DSARs “without undue delay … Continue Reading
Just when we thought we were getting to grips with some of the stickier issues around Data Subject Access Requests (DSARs), then along comes the EU General Data Protection Regulation (GDPR) and numerous new ambiguities over how its DSAR provisions might work in practice. We are waiting for the ICO’s guidance and update on its … Continue Reading
In many countries, individuals are identified by a unique number issued by the government. Probably the most ubiquitous example is the Social Security Number in the United States, which is generally necessary to obtain employment, open a bank account or obtain a driver’s license, and is used for credit monitoring and other private sector purposes. … Continue Reading
A client put this to us the other day – assuming that a photo or video footage of a current or former employee counts as his personal data, which it does, how far will his GDPR “right to be forgotten” allow him to reach into the employer’s records and require that image to be deleted?… Continue Reading
It all began as an everyday tale of Montenegrin academics and some animals, and ended up in a European Court of Human Rights decision with potentially significant consequences for employers across the EU and the UK.… Continue Reading
In the current climate where sexual assault and harassment allegations against Hollywood elite, Congressmen and news anchors have triggered a wave of “me too” allegations, several tools commonly used by employers to shield themselves from liability have come under attack, including non-disclosure agreements (NDAs) and arbitration agreements. Many employers require employees to sign NDAs as … Continue Reading
With apologies for the interruption to this series, here are two further reader questions on the GDPR as it will apply to employers in the UK. I have heard that my corporate email address is my personal data. Does that mean that a DSAR sent to my employer should bring me copies of everything in … Continue Reading
Illinois enacted its Biometric Information Privacy Act (“BIPA”) in 2008 to regulate, among other things, employer collection and use of employee biometric information. Biometrics is defined as the measurement and analysis of physical and behavioral characteristics. This analysis produces biometric identifiers that include things like fingerprints, iris or face scans, and voiceprints, all of which … Continue Reading
On October 12, 2017, California Governor Jerry Brown signed a salary privacy law prohibiting California employers from seeking or relying on salary history information, including compensation and benefits, about an applicant for employment. Agents of the employer, such as recruiters, are also prohibited from seeking for this information. Further, upon reasonable request, employers must provide … Continue Reading
In response to our invitation to contact us with GDPR enquiries, one kind reader has bowled us this particular googlie: Most people in business will have accumulated large contact lists in Outlook email systems or similar, containing many names and other contact details built up over a number of years. Will the GDPR really require … Continue Reading
Here are answers to two more questions arising from next year’s GDPR, this time on website recruitment and data breach notification. More to follow in this series soon. We have a contact form section on our website to allow people to submit details (name, email, phone number & CV) if they want to be informed … Continue Reading
This is the next in our series of posts on questions raised at our recent GDPR webinar. If you have any views or further queries in these areas, please do get in touch. What impact will the GDPR have on Model Clauses? Model Clauses are standard contractual terms adopted by the European Commission for the … Continue Reading
What would count as sharing data with a third party? For example, if we are booking employees on an external training course where we would only provide their name, would this amount to sharing data with a third party? The sharing of an employee’s name with an external training provider would certainly amount to the … Continue Reading
At our recent webinar on “GDPR Compliance: How UK Employers Can Meet the 25 May 2018 Deadline” we were asked a number of questions via the chat facility. Those questions showed that with less than a year to run and much to do before then, there is still widespread uncertainty as to the detail of … Continue Reading
I first became interested in employee privacy and monitoring many many years ago. A client received a complaint from an employee who had just discovered that his brief interlude having sex with a colleague in the stockroom had been caught on the camera placed there to cut down on theft. I forget the precise gist … Continue Reading
With the new Pokémon Go app taking the world by storm, people all over Hong Kong are glued to their screens, zealously catching the little creatures we have loved since its creation in 1995. Numerous people walking the street, at their desks and maybe even sitting in Court are desperately trying to “catch ‘em all”. … Continue Reading
The French Supreme Court recently ruled that an employer could not rely on the report of a private detective it had hired to spy on one of its employees to obtain an injunction against him because this was a breach of the employee’s privacy and that could not be justified, however legitimate were its concerns. … Continue Reading
While Facebook continues to produce evidentiary gold for employers seeking to prove employee wrongdoing, a recent New Zealand case demonstrates that privacy settings can’t be ignored. In a recent ruling, the New Zealand Human Rights Review Tribunal ordered an employer pay an ex-employee a hefty $168,000 after it wrongfully accessed her Facebook page and maliciously … Continue Reading
How would you feel about your employer knowing where you are 24 hours a day? News reaches us of a claim by an employee dismissed in the US for deleting a smartphone app Xora which her management had required her to install as part of its mobile workforce management systems. Xora bills itself (with callous … Continue Reading