Free Employee Privacy Policy

Answer a few simple questions Print and download instantly It takes just 5 minutes

Create Your Free Employee Privacy Policy

  1. Answer a few simple questions
  2. Email, download or print instantly
  3. Just takes 5 minutes

Employee Privacy Policy

Additional Clauses


Additional Clauses



Frequently Asked Questions
Use plain English. This will reduce confusion. Each extra clause should be one paragraph only.Defined Terms:

  • Use of defined terms reduces the possibility of ambiguity in interpreting the document.
  • By legal writing conventions, terms are defined when they first appear by use of brackets, parentheses and initial capital, e.g. (the "Privacy Policy").
  • Thereafter that word with an initial capital carries the meaning of the defined term.
Plain English means language that is simple and conveys ideas with the greatest possible clarity and avoids using legalese.

Legalistic StylePlain English
at the present time now
due to the fact that because; since
during such time aswhile
for the duration ofduring
inasmuch asbecause; since
in the event thatif
notwithstanding the fact that although; even if
prior to before
pursuant to under; in accordance with
subsequent toafter
that certaina
with reference toabout

Additional tips:

  • Always use the same name when describing a person or object more than once.
  • Don’t address or contradict an issue that has already been answered in the questionnaire.
  • Don't use "I", "us", "we", "you" or "they" when referring to the parties to the contract. This is ambiguous and confusing.
  • Don’t abbreviate words.
  • Spell-check.


Your Employee Privacy Policy

Update Preview
This document preview is formatted to fit your mobile device. The formatting will change when printed or viewed on a desktop computer.
Employee Privacy Policy Page of
Page of

EMPLOYEE PRIVACY POLICY STATEMENT

_________________________

___________________________________

  1. Introduction
  2. This Employee Privacy Policy Statement (the “Privacy Policy”) contains the policies, procedures and practices to be followed by _________________________ and any of its present or future subsidiaries (the “Company”) pertaining to the collection, use and disclosure of personal information (the “Personal Information”) of an identifiable person (the “Individual”) that is a present, future or former employee of the Company.
  3. The Company recognizes the confidential nature of the Personal Information in its care and is accountable for the compliance of itself and its directors, officers, management, employees, representatives and agents including consultants and independent contractors (the “Staff”) in protecting this Personal Information.
  4. For the purpose of this Privacy Policy, the term “Personal Information” has the meaning of any information or collection of information in any form, whether oral, electronic or written that pertains to the Individual excluding information that is publicly available in its entirety. Personal Information will also include any publicly available information that is combined with non-publicly available information.
  5. Personal Information includes but is not limited to name, home address, home phone number, home email address, identity verification information, Social Security Number, physical description, age, gender, salary, education, professional designation, personal hobbies and activities, medical history, employment history, credit history, contents of resume, references, interview notes, performance review notes and emergency contact information.
  6. Personal Information will not include the Individual's business title, and business address and contact information when used or disclosed for the purposes of reasonable business communication.
  7. The Company will implement policies and procedures that give effect to this Privacy Policy including procedures to protect and secure Personal Information, procedures to receive, investigate and resolve complaints, procedures to ensure adequate training of the Staff concerning the Company's privacy policies, and procedures to distribute new and current information pertaining to the Company's Privacy Policy.
  8. Corporate Privacy Policy
  9. The Company and the Staff will at all times respect the confidentiality of the Personal Information placed in its care. The Company will endeavor to ensure that the policies affecting the collection, storage and disclosure of Personal Information reflect the confidential nature of the information.
  10. The Company will comply with all applicable privacy legislation and regulations in force now and in the future related to protecting the confidentiality of Personal Information.
  11. Purposes for which Personal Information is Collected
  12. Personal Information will be collected, used and disclosed for purposes pertaining to the Individual's employment relationship with the Company, including but not limited to the administration of employee hiring, performance reviews, the administration of employee payroll, processing of employee benefit claims, and for the purpose of complying with all applicable labor and employment legislation.
  13. The purposes for collecting Personal Information will be documented by the Company. Personal Information will only be used for the stated purpose or purposes for which it was originally collected. The purposes for which Personal Information is being collected will be identified orally or in writing to the Individual before it is collected. The person collecting the information will be able to explain the purpose at the time that the information is collected.
  14. The Company may use Personal Information for a purpose other than the originally stated purpose where the new purpose is required by law or where the Company has obtained consent in writing from the affected Individual for each new purpose.
  15. Knowledge and Consent
  16. Knowledge and consent are required from the affected Individual for the collection, use and disclosure of all Personal Information subject to exceptions noted elsewhere in the Privacy Policy statement.
  17. Consent will not be obtained through deception or misrepresentation.
  18. Any use or disclosure of Personal Information will be within the reasonable expectations of the Individual.
  19. Subject to legal and contractual obligations, an Individual may withdraw their consent on reasonable notice.
  20. Legislation and Regulation
  21. Where the Company has Individuals living and working in different jurisdictions the specific rights and obligations of Individuals may vary between jurisdictions.
  22. The Company is subject to the privacy legislation in all jurisdictions in which the Company operates. If any term, covenant, condition or provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid, void or unenforceable, it is the intent of this Privacy Policy that the scope of the rights and obligations of the Privacy Policy be reduced only for the affected jurisdiction and only to the extent deemed necessary under the laws of the local jurisdiction to render the provision reasonable and enforceable and the remainder of the provisions of the Privacy Policy statement will in no way be affected, impaired or invalidated as a result.
  23. Where this Privacy Policy provides greater rights and protections to the Individual than the available governing law, the terms of this Privacy Policy will prevail wherever allowed by law.
  24. Scope and Application
  25. The rights and obligations described in this Privacy Policy will apply to all Individuals. The Company and the Staff must comply with the policies, procedures and practices described in the Privacy Policy.
  26. Collection of Personal Information
  27. The type and amount of Personal Information collected by the Company will be limited to the minimum necessary to accomplish reasonable business purposes. Personal Information will not be collected maliciously, indiscriminately or without a reasonable business purpose.
  28. Personal Information will be collected using fair and lawful means.
  29. Access by Authorized Company Representatives
  30. All Personal Information will be released internally only on a need-to-know basis. In the course of normal and reasonable business practices it is the policy of the Company to grant designated Company representatives access to Personal Information files. This access will not exceed that necessary to accomplish the specific business function of the Company representative nor the purpose for which the information was originally collected.
  31. Accuracy of Personal Information
  32. The Company will endeavor to ensure that all Personal Information collected is accurate and validated using reasonable business practices and procedures. The Company is also committed to ensuring that the Personal Information remains accurate for the purpose for which it was collected.
  33. Rights of Access and Correction
  34. The Company will make reasonable efforts to ensure that Personal Information is at all times complete and accurate for its stated purpose.
  35. An Individual may apply for access to their Personal Information by submitting a request in writing along with adequate proof of identity to an authorized personnel officer. Where the application is made in person the requirement for proof of identity will be at the discretion of the personnel officer. The Individual will be provided with a copy of all available information that is not subject to restriction as described in this Privacy Policy. All Personal Information and Medical Information will be provided at no cost or at a minimal cost that is not prohibitive.
  36. The Company will also provide a specific summary of how the Personal Information has been used and to whom it has been disclosed. Where a detailed account of disclosure is not available, the Company will provide a list of organizations to which the Personal Information may have been disclosed.
  37. The Personal Information disclosed to an Individual must be in a form that is reasonable and understandable. Where the meaning of information is not clear then translations and explanations will be provided without additional cost.
  38. Where an Individual suspects that an error exists in their Personal Information, the Individual may submit a request in writing for correction. This request should include any relevant information substantiating the error and should describe the correction to be made. The Company will make all reasonable efforts to address any request for correction.
  39. Where the Individual successfully demonstrates an error in their Personal Information the Company will make appropriate corrections. Any modifications, additions or deletions to the Individual's Personal Information will be made only by an authorized personnel officer.
  40. Where a request for correction is not successful, the details and substantiating evidence of the request will be recorded and retained by the Company.
  41. The Company will endeavor to respond promptly to any reasonable request for disclosure and correction made by an Individual to ensure the continued accuracy of Personal Information.
  42. In some instances the Company may be required to limit access to Personal Information because of statutory or regulatory requirements. In all instances however the Company will make all reasonable efforts to comply with the Individual's request for access and correction to the extent of what is allowed by statute or regulation.
  43. The Company may refuse access to portions of the Personal Information of an Individual where it is found to contain Personal Information pertaining to another Individual.
  44. Use and Disclosure of Personal Information
  45. The Company and the Staff will keep confidential all Personal Information in its control except where one or more of the following conditions apply:
    1. where the Individual who is the subject of disclosure has provided written consent;
    2. where the disclosure is in accord with the purposes for which the Personal Information was originally collected;
    3. where the disclosure is for the purpose of providing employment references to prospective employers and where the Personal Information disclosed is limited to information considered reasonably necessary for the purpose of providing employment references;
    4. where the Company is permitted or required to do so by applicable legislation or regulation;
    5. where the disclosure is directed to health benefit providers and where the purpose of the disclosure is in accord with the purposes for which the Personal Information was originally collected;
    6. where the disclosure is required by authorized government representatives who are acting to enforce any federal or state law or carrying out an investigation relating to the enforcement of any federal or state law or gathering information for the purpose of enforcing any federal or state law;
    7. where the Company is required to comply with valid court orders, warrants or subpoenas or other valid legal processes and
    8. in an emergency to protect the physical safety of any person or group of persons.
  46. Ownership of Personal Information
  47. All Personal Information collected by the Company in compliance with this Privacy Policy are business records of the
  48. Retention and Disposal of Personal Information
  49. Any Personal Information collected by the Company will be retained by the Company during the period of active employment of the Individual as well as during the post-employment period only as long as the Personal Information is required to serve its original purpose or as directed by applicable legislation or regulation.
  50. Personal Information that is no longer needed for its stated purpose will be destroyed, erased or made anonymous.
  51. The Company will ensure that all practices and procedures relating to the disposal of Personal Information will respect the fundamental policy of confidentiality. All Personal Information disposal procedures, including the disposal of computerized data storage devices, will ensure the complete destruction of Personal Information so that there will be no risk of subsequent unauthorized disclosure of Personal Information.
  52. Deceased Individuals
  53. The rights and protections of the Company's Privacy Policies will extend to deceased Individuals.
  54. Security
  55. The Company will take and enforce all reasonable security measures appropriate for the sensitivity of the information to ensure that all Personal Information for every Individual is protected against any form of unauthorized use including but not limited to accidental or malicious disclosure, unauthorized access, unauthorized modification, unauthorized duplication or theft.
  56. Methods of security will include but not be limited to the following:
    1. physical security including locked filing cabinets and secure-access offices;
    2. organizational security including security clearances and access limited on a “need-to-know” basis and
    3. technological security including passwords and encryption.
  57. The Company will educate and inform all Staff regarding the Privacy Policy and related procedures and on the importance of confidentiality of Personal Information and will monitor compliance with the Privacy Policy and may observe and investigate the information management practices of all Staff having care of Personal Information.
  58. Knowledge of Unauthorized Disclosure
  59. Responsibility for the security of Personal Information is a responsibility that the Company holds in very serious regard. Any Staff having knowledge of an impending unauthorized disclosure, whether intentional or unintentional, and who fail to act to prevent the unauthorized breach will be subject to sanction as described in the Enforcement section of this document including the immediate dismissal of the offending Staff.
  60. Enforcement
  61. All Staff having care over Personal Information must comply with the policies, procedures and practices described in the Privacy Policy. Any breach of any term or condition of this Privacy Policy, whether intentional or unintentional, including but not limited to the unauthorized disclosure of Personal Information is grounds for disciplinary action up to and including the immediate dismissal of any and all responsible Staff. Any breach of any term or condition of this Privacy Policy, whether intentional or unintentional, is grounds for dismissal with cause.
  62. Compliance with Privacy Policy
  63. The Company will have a procedure that will allow Individuals to challenge the Company's compliance with this Privacy Policy. The Company will also have procedures to promptly respond to Privacy Policy compliance challenges.
  64. The Company will make all reasonable efforts to investigate and respond to compliance challenges relating to this Privacy Policy. Where a challenge is well founded the Company will take action to correct any outstanding problems up to and including amending the Privacy Policy and related procedures.
  65. Arbitration
  66. In the event a dispute arises out of or in connection with this Privacy Policy, the parties will first attempt to resolve the dispute through friendly consultation.
  67. If the dispute is not resolved within a reasonable period then any or all outstanding issues may be submitted to final and binding arbitration in accordance with the laws of the State of Ohio. The arbitrator's award will be final, and judgment may be entered upon it by any court having jurisdiction within the State of Ohio

Last Updated March 28, 2024

Written by 

Reviewed by 


|

Fact checked by 



What is an Employee Privacy Policy?

An Employee Privacy Policy is a document that details a company’s policies and practices when collecting, storing, disclosing, and disposing of employee information. It informs employees of their privacy rights within the workplace and how their shared personal data is secure.

Generally, an Employee Privacy Policy applies to everyone within the company. It’s not something uniquely created for each employee.

An Employee Privacy Policy is also known as an:

  • Company privacy policy
  • Staff privacy policy
  • HR privacy policy

Why do companies need an Employee Privacy Policy?

An Employee Privacy Policy is essential for your business when managing employees. It demonstrates:

  • Compliance with legal requirements by showing that your company takes the necessary steps (i.e., risk management) to protect employee information when collecting and filing data. 
  • Transparency and trust for your employees by showing them how you use, store, and dispose of their data. Knowing the process and reasons for collection can give them peace of mind, knowing their information is safe during the hiring process, employment, and after they leave the company.

Creating documents like an Employee Privacy Policy, in addition to a Social Media Policy, establishes a strong resource for your employees and business. Once you create your policy, make it accessible to everyone by including it in Employment Contracts and the Employee Handbook. Also, store a digital copy for your employees to access anytime through staff portals or online hubs.

What information does an Employee Privacy Policy protect?

As an employer, you collect certain information to document an employee's relationship with the company. These confidential details are for hiring purposes, payroll, Employee Evaluations, and more. The information a company collects that your policy will protect includes:

  • References and resume content, including employment history and education
  • Full legal name, address, and contact information
  • Social Security Number and credit history
  • Physical description, age, and gender
  • Salary and professional position
  • Emergency contact information
  • Medical history

If your company collects client and consumer data, creating a Website Privacy Policy allows customers to know what information you collect and the safety measures you’re taking with their data.

How to create an Employee Privacy Policy

LawDepot’s user-friendly Employee Privacy Policy questionnaire lets you create a policy in minutes. Once you select your industry, state and put in your company details, just complete the following steps:

1. Determine the terms for your policy

The terms for an Employee Privacy Policy can include:

  • A revision date and number to indicate you’re replacing a current policy. If you have a current policy, the new date and document number indicate which version you’re creating and implementing now.
  • Any drug and alcohol testing requirements your company has in place If your company conducts testing, your Privacy Policy will include how this type of information will be stored and shared. Please note that there are federal and state regulations for what and how employers can test in the workplace. 
  • Any medical information your company collects for accommodation needs, health insurance, and filing claims. You must have additional measures to keep that information secure.
  • Whether the company will maintain a log of personal information disclosures, meaning it will record all instances in which you legally share an employee's information. For example, you may share limited information about an individual with another employer for referencing purposes. You can keep a record of the consent provided, the information given, and which employer you gave it to.

2. Include a mediation clause

Consider including a mediation clause to deal with future disputes regarding the policy. Mediation allows a third party to help create an amicable resolution to any disputes. This clause can help your company save time and money on arbitration or litigation if any issues occur.

3. Create any additional clauses

You can include any additional clauses you may need for your company. LawDepot’s template guides you through creating any additions to your policy.

What are the laws for employee privacy?

There isn’t one piece of federal legislation that solely covers employees’ personal information. Instead, the laws that can protect employees include:

  • Fair Credit Reporting Act (FCRA). These regulations help protect employees’ personal data that you collect for background checks. Credit checks may be done to verify a potential employee’s identity, educational background, or work history. The FCRA regulations are in place to protect employees’ personal data when used in background checks. It outlines how to collect information, share it with third-party agencies, and correctly dispose of any reports. 
  • The Americans with Disabilities Act (ADA).  A company may collect medical information regarding disabilities to create accommodations in the workplace. If you require this information, you must follow the ADA regulations on protecting and collecting medical details with higher levels of protection. This includes storing details in a separate medical file from an employee’s personal file. 
  • Health Insurance Portability and Accountability Act (HIPAA).  As an employer, you may request medical information from an employee for situations such as medical leave, insurance, or workers' compensation. However, you cannot receive this information directly from a medical provider unless you have your employee’s authorization. Once you collect this information, it must be filed securely like any other medical information.

In addition to federal laws, each state has its own privacy regulations for when and how you collect or disclose an employee’s data. For example, California was one of the first states to extend its Consumer Privacy Act to include the collection and use of staff information.

Please check for other state requirements while hiring staff, collecting data, and storing information. LawDepot’s Employee Privacy Policy template is customized to federal and state laws to ensure it follows all legal requirements throughout your policy.

Can employers disclose employee personal information?

An employer cannot disclose an employee’s personal data outside of the purposes of its collection (i.e., payroll, hiring, background checks, etc.). However, there are a few exceptions to this rule, including:

  • If the employee has given written consent to share their details
  • If an employer is providing referencing, they may give limited details
  • If an employer is required to give details to medical providers in an emergency or to protect the physical safety of an individual or group
  • If an employer is ordered to do so during a federal or state investigation and is complying with a court order, warrant, or subpoena

Related Documents:

  • Employment Offer Letter: Write a formal letter to offer a job opportunity to a new employee.
  • Employment Contract: Set out employment terms, conditions, and expectations for new hires.
  • Employee Handbook: Write a document that details your company’s missions, policies, and benefits.
  • New Hire Checklist: Create a personalized onboarding checklist for new employees.
  • Social Media Policy: Write out your company’s policy for employee’s social media use in the workplace.
  • Website Privacy Policy: Outline how your company collects, uses, protects, and discloses consumer and client data online.
Thumbnail of sample of Employee Privacy Policy document

Sample

Employee Privacy Policy

Personalize your Employee Privacy Policy.

Print or download in minutes.

Create your free Employee Privacy Policy with our step-by-step questionnaire
This document preview is formatted to fit your mobile device. The formatting will change when printed or viewed on a desktop computer.
Loading ...
Loading ...

Note: Your initial answers are saved automatically when you preview your document.
This screen can be used to save additional copies of your answers.