Does Your Organization Maintain an Employee Facing Privacy Notice?

Ankura Cybersecurity & Data Privacy

[co-author: Aidan Morrissey]*

On Tuesday, June 15, 2021, a French court ordered IKEA to pay 1 million euros ($1.2 million) for spying on its employees in France.1 The allegations included reviewing employees' bank account records, using fake employees to write reports on the staff, and even paying for police files on some employees.

The National Commission on Informatics and Liberty, or CNIL, led the prosecution against IKEA. The CNIL, a regulatory body within the French government, governs and enforces data privacy laws. The French state prosecutor commented that "what's at stake is the protection of our private lives against the threat of mass surveillance."2

Although this may seem to be an isolated issue for France, EU countries under the jurisdiction of the General Data Protection Regulation (GDPR), or companies operating globally in the EU or France, the precedent for this type of violation and subsequent fines may also impact U.S.-based organizations if U.S. lawmakers decide to adopt similar principles.

Why would U.S. companies and U.S. state privacy regulations be impacted? Currently, both the CCPA and CPRA have certain exemptions on employee data until 2023; however, there is still an obligation for organizations to provide notice to their employees on how they use, collect, store, and process their employees' personal information.

Companies tend to approach the CCPA and CPRA as if they only affect their customers or clients and may forget to develop a proper privacy notice for employees. Transparency and accountability, especially around any surveillance processes, should be clearly communicated to an organization's employees.

As part of privacy best practice, companies should incorporate privacy notices for employees in addition to their external-facing privacy notices. These policies contain information on what, how, and why personal information is being processed about the employees. Additional key components of employee privacy notices include collection and use, individual rights and choices around processing, disclosure to third parties and international data transfers.

