Right to fair compensation, privacy, and freedom from discrimination are some of the rights granted to employees at work. Legislation safeguarding workers from unfair labour practices, discriminatory treatment, and unsafe working conditions have been enacted by both federal and state governments.

Essentially, all employee personal information, including that relating to their family, should be treated with the necessary level of confidentiality and privacy.  If you work from home, getting a home safe would be important in ensuring you could keep important documents safe.

As an employer you may be in violation of these privacy laws in any of the five ways described below:

1. Publication of Your Workers’ Personal Cell Phone Numbers

It’s common to find employers listing personal mobile number of all their employees in a single Excel sheet to be used as a duty roster with the aim of conveniently contacting them in case they are late or need someone to stand in for anyone who is absent due to health-related reasons.

You expose your employees and the business as a whole to a variety of risks when the sheet containing personal contact numbers instead of work provided numbers is openly displayed in your premises.

Although compiling this list does make the task of locating any given employee for any reason much more convenient for you, the risk of this information falling into the wrong pair of hands increases exponentially. Before you dismiss this fact, it’s important to mention that it actually does happen; with incidences of identity theft being on the rise. You may be exposing yourself to the possibility of a harassment lawsuit, by unknowingly aiding and abetting a stalker.

2. Communication Sensitive Information Through Email

It’s now common for employers to communicate with their staff members over email regarding any work-related matters- regardless of the sensitivity of the subject matter. The risk of unintentionally copying and forwarding sensitive information to third parties is elevated when this channel is used in all communications. You also risk getting into a variety of issues, not to mention the havoc it can wreak on the company’s brand. It’s therefore essential that you choose your communication channel carefully when it comes to carrying out discussions on performance, remuneration and professional development and other sensitive work-related matters.

3. Maintaining Unsecured Staff Records

In business, maintaining proper records is a fundamental requirement. Although it might appear to be tedious, it is a must.

Australian law dictates that staff records be maintained for a minimum period of seven years. Employee name, date of employment, leave entitlements, pay etc. are some of the details captured in these files. Staff records, specifically pertaining to basic payroll tax details, must be maintained for a period of four years in the case of American based companies. Furthermore, when it comes to records documenting serious events (such as work-related injuries), prudence dictates that they are kept for a minimum period of ten years.

Instead of maintaining hard copies of staff records, that can be compromised in one way or the other, its best to use a computerised system that offers better security, convenient all time access and a comprehensive audit trail.

4. Ineffective Record Disposal Processes

The obligation to maintain staff records also comes with an added obligation to destroy them once they become obsolete. Your company might be exposed to all sorts of challenges against its information handling practices, from a legal standpoint, by simply keeping staff information for longer than it’s legally required to.

5. Failure to Implement a Data Protection Policy

While the introduction of a compliant and reliable employee personal data protection policy might lead you to conclude that your company is in safe waters, failure to enforce it will leave the company, in the event of a claim, highly exposed.

The employee personal data records you compile and maintain should be accounted for using a personal data protection policy customized to your specific needs. It’s the responsibility of the employer to ensure that all staff members are well informed with regard to the details of the policy, in addition to taking steps towards monitoring its application in all relevant operations. Ensuring that all staff members have executed a copy of the policy to be kept in their individual HR records creates the necessary paper trail proving that it is being used.