Rehan Jalil of the Forbes Technology Council and CEO of cybersecurity firm SECURITI has posted these obligations on the forbes.com website. In Jalil's words, there is a "minefield" of personal employee data laws and regulations, and a company needs to know its obligations in each state and country where it operates.
Here is Jalil's list:
- Know the privacy laws and create security controls and privacy practices to ensure compliance.
- Justify the collection and processing of personal data. It must be necessary and relevant.
- Implement formal consent policies and procedures. Discuss how you collect, process and share employees' personal data. Review and update policies regularly.
- Data subject rights requests must be fulfilled in a timely fashion.
- Audit all processing of personal data.
- Protect employee data. Notify impacted employees of a breach within the time allotted by law.
- Control access to personal information; limit access to authorized users.
The complete article is at https://www.forbes.com/site/forbestechcouncil/2021/10/15/top-seven-obligations-concerning-employee-data-privacy/?sh=2ed59fcc2e94.