
employee’s condition will affect his ability to perform his work and
whether any accommodations need to be made. Steering clear of
unnecessary detail means a less complicated path for everyone if
decisions about promotions, layoffs or reorganization are made
down the road.
SOCIAL MEDIA
Social media can be another danger zone for employers. While
it’s now fairly common practice for an organization to review a
candidate’s online presence before hiring or offering a promotion,
legal experts recommend caution. While some might argue there’s
nothing private about a person’s public Facebook page or Twitter
feed, an employer may unintentionally discover personal informa-tion
that’s not relevant, but could be problematic.
“It’s okay to research social media,” said Bolton, “but you want
to create a screen.” She suggests managers assign someone else – a
person with no hiring authority – to collect only the relevant in-formation
from the social media sites. “Otherwise you may have a
very difficult time proving that inappropriate personal informa-tion
didn’t come into play.”
CHALLENGES OF BYOD
“One of the biggest blurry areas we’re seeing now, with respect to
privacy issues, is the use of cell phones and other personal devic-es,”
said Bolton, who notes a large number of companies are either
giving in to employee requests to use personal cell phones for work
or, in an effort to save on costs, asking employees to use their own
mobile devices. This makes monitoring information significantly
more difficult for an employer.
“If an organization is going to go that route, they need a bring-your-
own-device (BYOD) policy,” said Bolton, although this still
doesn’t get around the fact that it’s potentially more difficult to
compel an employee to surrender his own device for review or to
have company information removed at the end of an employment
period. “With BYOD, the employer is definitely at a disadvantage
when it comes to protecting information.”
TAKE THE TIME TO AUDIT
Whether you’re dealing with BYOD technology, social media or
medical information, there are a lot moving pieces to consider
when establishing a corporate privacy policy. To ensure your poli-cy
is relevant and up to date, or to begin developing one in the first
place, Bolton suggests a periodic self-audit. When looking at how
your organization manages employee information, consider how
you establish consent, identify purpose and choose your method
of collection. Once you have the information, how do you keep it
secure and destroy it safely when you’re done with it?
“If you’ve done a self audit, then you can determine where the
weaknesses and vulnerabilities are and plot the steps required to
fix them,” said Bolton.
cover feature
Maksim Kabakou/Shutterstock
22 ❚ SEPTEMBER 2014 ❚ HR PROFESSIONAL