Companies need to be aware of their obligations under the profusion of data protection laws and regulations that govern the collection, use and transfer of their employees’ personal information. This is especially crucial for companies that have operations subject to the laws of multiple jurisdictions, as requirements vary widely from country to country and even from state to state. As a rule, only personally identifiable information (personal data) is afforded special protection by data privacy laws and many, but not all data privacy laws exempt personal data that has been encrypted. It should also be noted that data privacy laws protect not only active employees, but also information from clients and customers, job applicants, consultants, independent contractors and terminated or retired employees.
Although U.S. law is trending toward stricter protection of personal data, the laws in other countries are often much more extensive than even the strictest U.S. standards. Employers should consider all legal requirements, whether local, state or provincial or nationwide, that may impact their data privacy policies and procedures. Failure to comply with data protection laws can result in penalties such as civil fines and sometimes, criminal prosecution.