"Employee Privacy Policy Template"

What Is an Employee Privacy Policy?

An Employee Privacy Policy is a document that contains the policies and procedures of an employer regarding the collection, use, and disclosure of their employee's personal information. An Employee Data Privacy Policy applies to all employees of the company and determines Employee Privacy rights. The personal information of an employee usually includes their name, address, phone number, email, Social Security Number, age, marital status, salary, education, and employment experience.

An employer gathers personal information to make decisions about initial employment, assign wages and benefits, and process labor claims, including insurance claims. This information can also be useful for evaluating an employee's qualifications to perform some job or task and conducting performance reviews.

An Employee Privacy Policy template can be downloaded below.

ADVERTISEMENT

How to Write an Employee Privacy Policy?

An Employee Privacy Policy Statement usually contains the following:

  • Enter details of the employer;
  • Describe which information relates to personal information;
  • Indicate the purposes of gathering personal information of employees. State that this information can only be used for the indicated purposes;
  • Specify that an employee has a right to apply for access to their details, and for this purpose, they must submit a request in writing. The employer must provide an employee with a summary describing the usage and disclosure of their personal information. If an employee finds out an error in their details, they have a right to submit a request in writing for correction. If the company admits it, the error must be corrected. An authorized person is only allowed to make changes to personal details;
  • Specify the reasons for the disclosure of personal information. For example, the employer can disclose it to present employment references to prospective employers of the company's former employees, or when it is required by applicable legislation and authorized government representatives.
  • Indicate that the employer is obliged to take all appropriate security measures to protect the personal details of their employees against stealing, any unauthorized access, change, or duplication. These measures can involve the establishment of physical, organizational, and technological security of information, setting passwords, and using encryption;
  • State that all employees of this organization who have access to personal information must follow the policies and procedures described in this document. The unauthorized disclosure of personal details leads to disciplinary action or dismissal of the responsible employees;
  • Determine the procedure for resolving disputes. In the event of a dispute related to the privacy policy, the parties must try to settle it by negotiation. If they cannot resolve the issue within a reasonable period, it should be referred to arbitration for further consideration under state law.

Is It Legal to Sanction an Employee Who Has Violated Privacy Policies?

Usually, the sanction policy against an employee is connected with the violation of the Health Insurance Portability and Accountability Act (HIPAA). If an employee has used or got access to the protected health information, and thus has violated the HIPAA Enforcement Rule, healthcare organizations must investigate it. The incident may warrant disciplinary action or terminate the employee.


Not what you were looking for? Check out these related forms:

ADVERTISEMENT

Download "Employee Privacy Policy Template"

229 times
Rate (4.3 / 5) 11 votes
Employee Privacy Policy Statement
1. Introduction. This ​ E mployee Privacy Policy Statement (hereinafter referred to as
the “Privacy Policy”) contains the policies, procedures, and practices to be followed
by ______________________ and any of its present or future subsidiaries (hereinafter
referred to as the “Company”) pertaining to the collection, use, and disclosure of
personal information (hereinafter referred to as the “Personal Information”) of an
identifiable person (hereinafter referred to as the “Individual”) that is a present, future
or former employee of the Company.
The Company recognizes the confidential nature of the Personal Information in its
care and is accountable for the compliance of itself and its directors, officers,
management, employees, representatives, and agents including consultants and
independent contractors (hereinafter referred to as the “Staff”) in protecting this
Personal Information.
2. Personal Information. ​ F or the purpose of this Privacy Policy, the term “Personal
Information” has the meaning of any information or collection of information in any
form, whether oral, electronic or written that pertains to the Individual excluding
information that is publicly available in its entirety. Personal Information will also
include any publicly available information that is combined with non-publicly
available information.
Personal Information includes but is not limited to name, home address, home phone
number, home email address, identity verification information, Social Security
Number, physical description, age, gender, salary, education, professional designation,
personal hobbies and activities, medical history, employment history, credit history,
contents of resume, references, interview notes, performance review notes and
emergency contact information.
Personal Information will not include the Individual’s business title, and business
address and contact information when used or disclosed for the purposes of reasonable
business communication.
The Company will implement policies and procedures that give effect to this Privacy
Policy including procedures to protect and secure Personal Information, procedures to
receive, investigate and resolve complaints, procedures to ensure adequate training of
the Staff concerning the Company’s privacy policies, and procedures to distribute new
and current information pertaining to the Company’s Privacy Policy.
©​ ​ ​ ​
T EMPLATEROLLER.COM​
Employee Privacy Policy Statement
1. Introduction. This ​ E mployee Privacy Policy Statement (hereinafter referred to as
the “Privacy Policy”) contains the policies, procedures, and practices to be followed
by ______________________ and any of its present or future subsidiaries (hereinafter
referred to as the “Company”) pertaining to the collection, use, and disclosure of
personal information (hereinafter referred to as the “Personal Information”) of an
identifiable person (hereinafter referred to as the “Individual”) that is a present, future
or former employee of the Company.
The Company recognizes the confidential nature of the Personal Information in its
care and is accountable for the compliance of itself and its directors, officers,
management, employees, representatives, and agents including consultants and
independent contractors (hereinafter referred to as the “Staff”) in protecting this
Personal Information.
2. Personal Information. ​ F or the purpose of this Privacy Policy, the term “Personal
Information” has the meaning of any information or collection of information in any
form, whether oral, electronic or written that pertains to the Individual excluding
information that is publicly available in its entirety. Personal Information will also
include any publicly available information that is combined with non-publicly
available information.
Personal Information includes but is not limited to name, home address, home phone
number, home email address, identity verification information, Social Security
Number, physical description, age, gender, salary, education, professional designation,
personal hobbies and activities, medical history, employment history, credit history,
contents of resume, references, interview notes, performance review notes and
emergency contact information.
Personal Information will not include the Individual’s business title, and business
address and contact information when used or disclosed for the purposes of reasonable
business communication.
The Company will implement policies and procedures that give effect to this Privacy
Policy including procedures to protect and secure Personal Information, procedures to
receive, investigate and resolve complaints, procedures to ensure adequate training of
the Staff concerning the Company’s privacy policies, and procedures to distribute new
and current information pertaining to the Company’s Privacy Policy.
©​ ​ ​ ​
T EMPLATEROLLER.COM​
3. Corporate Privacy Policy. ​ T he Company and the Staff will at all times respect the
confidentiality of the Personal Information placed in its care. The Company will
endeavor to ensure that the policies affecting the collection, storage and disclosure of
Personal Information reflect the confidential nature of the information.
The Company will comply with all applicable privacy legislation and regulations in
force now and in the future related to protecting the confidentiality of Personal
Information.
4. Purposes for Which Personal Information is Collected. ​ P ersonal Information
will be collected, used and disclosed for purposes pertaining to the Individual’s
employment relationship with the Company, including but not limited to the
administration of employee hiring, performance reviews, the administration of
employee payroll, processing of employee benefit claims, and for the purpose of
complying with all applicable labor and employment legislation.
The purposes for collecting Personal Information will be documented by the
Company. Personal Information will only be used for the stated purpose or purposes
for which it was originally collected. The purposes for which Personal Information is
being collected will be identified orally or in writing to the Individual before it is
collected. The person collecting the information will be able to explain the purpose at
the time that the information is collected.
The Company may use Personal Information for a purpose other than the originally
stated purpose where the new purpose is required by law or where the Company has
obtained consent in writing from the affected Individual for each new purpose.
5. Knowledge and Consent. ​ K nowledge and consent are required from the affected
Individual for the collection, use and disclosure of all Personal Information subject to
exceptions noted elsewhere in the Privacy Policy statement. Consent will not be
obtained through deception or misrepresentation.
Any use or disclosure of Personal Information will be within the reasonable
expectations of the Individual.
Subject to legal and contractual obligations, an Individual may withdraw their consent
on reasonable notice.
6. Legislation and Regulation. ​ W here the Company has Individuals living and
working in different jurisdictions the specific rights and obligations of Individuals
may vary between jurisdictions.
©​ ​ ​ ​
T EMPLATEROLLER.COM​
The Company is subject to the privacy legislation in all jurisdictions in which the
Company operates. If any term, covenant, condition or provision of this Privacy
Policy is held by a court of competent jurisdiction to be invalid, void or
unenforceable, it is the intent of this Privacy Policy that the scope of the rights and
obligations of the Privacy Policy be reduced only for the affected jurisdiction and only
to the extent deemed necessary under the laws of the local jurisdiction to render the
provision reasonable and enforceable and the remainder of the provisions of the
Privacy Policy statement will in no way be affected, impaired or invalidated as a
result.
Where this Privacy Policy provides greater rights and protections to the Individual
than the available governing law, the terms of this Privacy Policy will prevail
wherever allowed by law.
7. Scope and Application. ​ T he rights and obligations described in this Privacy Policy
will apply to all Individuals. The Company and the Staff must comply with the
policies, procedures and practices described in the Privacy Policy.
8. Collection of Personal Information. ​ T he type and amount of Personal Information
collected by the Company will be limited to the minimum necessary to accomplish
reasonable business purposes. Personal Information will not be collected maliciously,
indiscriminately or without a reasonable business purpose.
Personal Information will be collected using fair and lawful means.
9. Access by Authorized Company Representatives. ​ A ll Personal Information will
be released internally only on a need-to-know basis. In the course of normal and
reasonable business practices, it is the policy of the Company to grant designated
Company representatives access to Personal Information files. This access will not
exceed that necessary to accomplish the specific business function of the Company
representative nor the purpose for which the information was originally collected.
10. Accuracy of Personal Information. ​ T he Company will endeavor to ensure that
all Personal Information collected is accurate and validated using reasonable business
practices and procedures. The Company is also committed to ensuring that the
Personal Information remains accurate for the purpose for which it was collected.
11. Rights of Access and Correction. ​ T he Company will make reasonable efforts to
ensure that Personal Information is at all times complete and accurate for its stated
purpose.
©​ ​ ​ ​
T EMPLATEROLLER.COM​
An Individual may apply for access to their Personal Information by submitting a
request in writing along with adequate proof of identity to an authorized personnel
officer. Where the application is made in person the requirement for proof of identity
will be at the discretion of the personnel officer. The Individual will be provided with
a copy of all available information that is not subject to restriction as described in this
Privacy Policy. The Company may elect to provide sensitive medical information
(hereinafter referred to as the “Medical Information”) through a licensed medical
practitioner. All Personal Information and Medical Information will be provided at no
cost or at a minimal cost that is not prohibitive.
The Company will also provide a specific summary of how the Personal Information
has been used and to whom it has been disclosed. Where a detailed account of
disclosure is not available, the Company will provide a list of organizations to which
the Personal Information may have been disclosed.
The Personal Information disclosed to an Individual must be in a form that is
reasonable and understandable. Where the meaning of information is not clear then
translations and explanations will be provided without additional cost.
Where an Individual suspects that an error exists in their Personal Information, the
Individual may submit a request in writing for correction. This request should include
any relevant information substantiating the error and should describe the correction to
be made. The Company will make all reasonable efforts to address any request for
correction.
Where the Individual successfully demonstrates an error in their Personal Information
the Company will make appropriate corrections. Any modifications, additions or
deletions to the Individual’s Personal Information will be made only by an authorized
personnel officer.
Where a request for correction is not successful, the details and substantiating
evidence of the request will be recorded and retained by the Company.
The Company will endeavor to respond promptly to any reasonable request for
disclosure and correction made by an Individual to ensure the continued accuracy of
Personal Information.
In some instances, the Company may be required to limit access to Personal
Information because of statutory or regulatory requirements. In all instances however
the Company will make all reasonable efforts to comply with the Individual’s request
for access and correction to the extent of what is allowed by statute or regulation.
©​ ​ ​ ​
T EMPLATEROLLER.COM​
The Company may refuse access to portions of the Personal Information of an
Individual where it is found to contain Personal Information pertaining to another
Individual.
12. Use and Disclosure of Personal Information. The Company and the Staff will
keep confidential all Personal Information in its control except where one or more of
the following conditions apply:
● Where the individual who is the subject of disclosure has provided written
consent;
● Where the disclosure is in accord with the purposes for which the Personal
Information was originally collected;
● Where the disclosure is for the purpose of providing employment references to
prospective employers and where the Personal Information disclosed is limited
to information considered reasonably necessary for the purpose of providing
employment references;
● Where the Company is permitted or required to do so by applicable legislation
or regulation;
● Where the disclosure is directed to health benefit providers and where the
purpose of the disclosure is in accord with the purposes for which the Personal
Information was originally collected;
● Where the disclosure is required by authorized government representatives who
are acting to enforce any federal or state law or carrying out an investigation
relating to the enforcement of any federal or state law or gathering information
for the purpose of enforcing any federal or state law;
● Where the Company is required to comply with valid court orders, warrants or
subpoenas, or other valid legal processes and in an emergency to protect the
physical safety of any person or group of persons.
13. Disclosure Log. ​ T he Company will take reasonable care to maintain a disclosure
transaction log that accurately records all use, corrections, additions, deletions and
disclosures including the names of all parties enabling the transaction. Where the
Personal Information of the Individual is disclosed to any person or organization, the
name of the person or organization to which the Personal Information is disclosed will
be recorded along with a reasonably thorough description of the purpose of the
disclosure.
©​ ​ ​ ​
T EMPLATEROLLER.COM​
Page of 8