When is the last time your company reviewed its data protection policies?
If your company employs any international employees, it may have obligations under foreign laws to have specific safeguards in place. Failure to observe a jurisdiction’s data protection laws can result in staff penalties and unwelcome press coverage.
Although the European Union is leading the way with a proposed comprehensive new data protection law, other countries from China to the United Kingdom, South Africa, Qatar, Dubai, and several Latin American countries are developing, or have already enacted, their own data protection laws, with many based on the European model.
Employers without a data protection policy in place may want to consider developing a policy to protect employee and customer data. Employers with operations or employees abroad should be mindful of any data protection laws or regulations that may apply in the countries in which they operate, and should stay informed regarding the changing international data protection landscape.
At a minimum, the data protection policies should address security measures that will be taken to safeguard personal information. Employers may also want to consider designing a grievance procedure for employees who feel that their personal data was mishandled or misused, to enable the employer to deal promptly (and internally) with any concerns.
Finally, employers should remind all employees that they should not expect privacy in their use of company IT systems, such as email, internet, mobile devices and the telephones, and that routine monitoring may occur, to the extent permitted by national or local law.
This article appeared in the August 15, 2013 issue of Colorado Biz.