WorldLII Home | Databases | WorldLII | Search | Feedback

Privacy Laws and Business International Report

You are here:  WorldLII >> Databases >> Privacy Laws and Business International Report >> 1999 >> [1999] PLBIRp 16

Database Search | Name Search | Recent Articles | Noteup | LawCite | Download | Help

The case for considering employee data in the United States as adequate [1999] PLBIRp 16; (1999) 48 Privacy Laws and Business International Report 11

The case for considering US employee data as adequate

THE UNITED STATES needs to find a solution to the problem of transferring employee data between Europe and the US. Meeting the EU adequacy requirement was the main theme at a recent HR conference.

The International Association for Human Resource Information Management (IHRIM) and Privacy and American Business held an excellent two day conference in Teaneck, New Jersey (near New York) in January. The conference focused on the impact of the EU Data Protection Directive on human resource (HR) management and global HR information systems (HRIS).

US COMPANIES NEED TO ACT NOW

Transferring HR data raises some of the most serious compliance issues under the directive. Professor Alan Westin, Director of Privacy & American Business, strongly recommended companies to develop a separate negotiating strategy for the transfer of HR data. In the US, employee data collection is driven by public law requirements. Certain data, for example criminal history, or violent behaviour, must be collected for legal purposes. Also, there is a need to monitor employee performance to target efficiency, which brings with it the risk of lawsuits by employees for harassment, improper dismissal etc.

CODE OF PRACTICE PROPOSED

Several speakers offered solutions to the challenges raised by the EU directive. Professor Joel Reidenberg of Fordham University, New York, suggested that privacy enhancing software offers some protection, and that in many instances technological solutions are the preferred method over regulation.

Dr Donald Harris, Conference Chair and founder of IHRIM's Committee on Information Use and Protection led a discussion on developing a workable HR information code of practice. Its most important elements would include

• Data subject support and redress

• Verification of compliance, and

• Penalties for non-compliance.

(Dr Harris will also give a presentation at the Privacy Laws & Business 1999 Annual Conference to make the case for the adequacy of data protection provisions for HR data in the USA).

Other suggestions involved negotiating contracts or developing company codes of practice. There was general support for customising model contracts for HR purposes. Charles Prescott, Vice President of International Business Development and Government Affairs for the Direct Marketing Association said that these often benefit small and medium-sized enterprises in particular, which may not have the resources to create their own contracts.

HR DATA AN EXCEPTION

The most radical solution to the problems of adequacy under the directive was offered by Professor Alan Westin. His starting point, supported by extensive survey data, is the fact that the privacy concerns of the business/consumer relationship are distinctly different from those of the employer/employee relationship. Given the current body of constitutional provisions, federal statutes, state laws and employment practices that exist in the US, and the high confidence level that employees express about employer use of personal data, Professor Westin demonstrated that HR could be treated as a separate category for meeting EU adequacy requirements.

He suggested compiling a comprehensive volume of existing US privacy rules for HR data, and presenting this to EU officials and national Data Protection Authorities as a White Paper.

Both Department of Commerce (DOC) and EU policy makers welcomed the proposal. Barbara Wellbery, Counsellor tothe DOC Under Secretary for e-commerce agreed that HR could be presented as a unique area if the facts seemed to merit it. However, on the whole she preferred the safe harbour negotiations (PL& B Feb '99, p.15) not to spell out separate standards for each industry, as this would complicate the whole negotiation.

The White Paper will be issued in June, and made available on www.privacyexchange.org Privacy and American Business will also organise a conference on the EU/HR White Paper in July.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/PLBIRp/1999/16.html