More reasons why storing too much employee data can cause you more harm than good.
We talked recently about why you shouldn’t store irrelevant HR data within an employee’s record. This is partly because in order to do so under GDPR, you would need to obtain informed, freely given consent. So how do you get that consent?
I think the answer to this question is surprisingly quite simple; HR should avoid gathering information which requires an employee’s consent and stick only to the data that you have a legal requirement to process. E.g. data that you need to fulfil the contract of employment.
There’s three very strong arguments for this.
- Firstly, you don’t have to bother gaining consent.
- The consent process can take a seriously long time, and once it’s complete you then have to be able to maintain and protect the records which show you have consent, on top of maintaining the data you have consent to keep.
- Also, if somebody decides to withdraw their consent, which they can do at any time, you then have to delete all the data they’ve withdrawn consent for, which may risk leaving sets of data incomplete.
- You are protecting your employee’s personal data (by never having it in the first place).
- The GDPR is all about protecting individual privacy. It’s much easier for you and your employees to protect data which isn’t being stored unnecessarily.
- The GDPR also frowns upon excessive data gathering – another reason why it’s best to keep data at the minimum required amount.
- You’re protecting the company from litigation.
- By storing irrelevant data, you’re leaving the company vulnerable to litigation by formally including the information on an employee’s employment record. If an unfair dismissal case were to arise, the person raising the case could potentially link the data stored on their record to the reason they believe you dismissed them for, whether or not this is actually the case.
- In the case of Facebook, they’ve landed themselves in hot water because a lot of data was accessed and misused. If Facebook had a better data policy, where it stored less personal data and treated people with more respect, then perhaps it wouldn’t be at the centre of this scandal.
Examples of employee data you can keep
The UK government has published this list of data an employer may keep about an employee.
- date of birth
- education and qualifications
- work experience
- National Insurance number
- tax code
- details of any known disability
- emergency contact details
Employers can also keep details about an employee such as:
- employment history with the organisation
- employment terms and conditions (e.g. pay, hours of work, holidays, benefits, absence)
- any accidents connected with work
- any training taken
- any disciplinary action
Examples of employee data you should avoid
Although the depth and complexity of UK law means that different organisations may need to work with a variety of data sets; based off the list of data an employer can keep – here’s an example list of data you should probably avoid:
- Hobbies & interests
Why does an organisation need to know what an employee gets up to in their spare time? (providing it’s lawful). If Bob plays tennis on the weekends or if Sally likes to play chess is simply none of your business and this information does not belong on your formal HR records.
- Political preferences
Voting is confidential at the booth, it should remain someone’s right to not disclose their voting preferences regardless of what they believe. Again, what’s your reason for storing this information?
- Number of Children
Why do you need to know how many children somebody has on your HR record? If an employee has children or not might be a different matter, for reasons such as helping to provide childcare, (be careful, as you cannot use this information to discriminate against people – For having, or not having children) but for the majority of the time why do you need to know if somebody has 1, 2 or fifteen children?
In conclusion, just be careful what employee data you are storing and why you’re storing it. When it comes to your employee’s data; if you don’t need it, don’t collect it.