Employer Privacy Policies

It’s true- all organizations must have a privacy policy by law. This policy is designed to explain how you collect, use and disclose personal information about individuals will put your staff and customers at ease, and minimize the possibility of lawsuits or punitive damages.
If you are a federally-regulated business, or a company carrying out business across provincial borders, you fall under the federal Personal Information Protection and Electronic Documents Act (PIPEDA). In any event, Ontario companies are required to comply with PIPEDA in their commercial dealings.

The private sector privacy laws applicable to employees contain substantially the same provisions relating to collection, use and disclosure of employee information as exist for individuals generally under those laws.  Therefore, consent is a required condition for any such handling of the employee information.

An employee privacy policy is mandated by PIPEDA.  Beyond consent, specific uses of employee personal information that may not be covered in any implied or express consent can be addressed in such a policy, such as the monitoring of emails. The employee privacy policy also can be used to document an employee’s acknowledgement to comply with an internal policies and procedures relating to personal information held by the organization and to stipulate disciplinary measures that may be taken in the event of any breach of such rules.  The employee privacy policy must also acknowledge an employee’s right to access to their employment records. Lastly the contact information/procedures for employees having questions or concerns regarding their information or the organizations policies and procedures must be included in this document

Here is the specific language in PIPEDA:
4. (1) This Part applies to every organization in respect of personal information that
(a) the organization collects, uses or discloses in the course of commercial activities; or
(b) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business.

Tagged with: