In the age of the internet, data is quickly becoming king. In 2014, mobile users uploaded and downloaded around 2 exabytes a day; now that number is closer to 8 exabytes. The move to make all information available via the web has affected all walks of life, including employee data. The benefits of having your employees’ data accessible in a centralized, web-based system are widely apparent, but they come with precautions as well. Ironically, the employee data that makes the most sense to store on the web is also the most sensitive information that needs to be protected. With that being said, let’s dive into some of these employee data considerations in the modern age.
Personally identifiable information (commonly referred to as PII in the USA) covers many data points, which may be gathered during administrative processes including, but not limited to, application submission, payroll enrollment, or benefit enrollment. These types of employee data can be collected in hard copy or digital form. Essentially, if the information is unique to the individual and contains personally identifiable data, it must be protected. The following are common types of employee data that are considered sensitive in many countries:
• Social Security Numbers or national identification numbers (outside the United States)
• Taxpayer Identification Numbers (or their equivalent issued by governmental revenue entities outside the United States)
• Employer Identification Numbers (or their equivalent issued by government entities outside the United States)
• Bank account or credit/debit card numbers
• Any health or medical information
• State or foreign driver’s license numbers
• Passport information
• Birth dates
Although Personally Identifiable Information (PII) may mostly be a US-centric term, each jurisdiction has its own regulations concerning personally identifiable data. Nearly all countries require employers to maintain confidentiality and most cover protections of unique and personal information through a signed policy. Protections typically cover all individuals performing tasks on behalf of the employer such as employees, applicants, independent contractors, and customers.
Taking extra steps to protect personally identifiable data is especially important concerning medical information, digital payments, and online payslips. Violating data protection laws can lead to severe penalties. For instance, in the United States healthcare industry, fines for violating HIPAA privacy range from $100 to $50,000 per incident. If someone intentionally violates privacy, there can even be criminal prosecution. International agencies in countries like France, Spain, and Germany have delivered fines of more than €1 million and even some criminal penalties.
Protecting this information is critical and is increasingly ingrained in legislation. For example, in the United Kingdom, employers have strict requirements to protect personally identifiable data, even in the event of a data breach. In 2016, Parliament passed the EU General Data Protection Regulation (GDPR) to replace the Data Protection Directive 95/46/EC in an effort to consolidate data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy.
It’s now essential for employers to take the proper precautions to safeguard personal data and educate their team members on how to prevent theft and fraud through online phishing scams or other potential causes of a breach. There are many sources that help organizations educate their team on protecting themselves while operating on the web, which is critical for multinational teams who communicate primarily via digital platforms — the primary targets for hackers.
We hope you found this article on employee data informative. Celergo has a compliance guarantee for every country it does payroll in; your employees’ information is safe with us. Please do not hesitate to reach out if you have any questions!
**This article is for informational purposes only. It is not intended to constitute legal advice.