Employee Privacy Policy

The Employee Privacy Policy defines privacy requirements for employee PII within the Privacy Information Management System. Its scope includes the collection, use, disclosure, retention linkage, notice, rights handling, monitoring, processor support and evidence management of employee PII. The policy applies across controller and joint-controller contexts where the organization determines the purposes and means of employee PII processing, and also across processor and subprocessor contexts where the organization processes employee PII under documented instructions. Employee PII is defined broadly to include information relating to employees, job applicants, former employees, contractors, temporary personnel, interns, secondees and other workforce participants where the organization processes their PII for workforce, recruitment, employment, engagement, compensation, benefits, security, compliance, workplace administration or related business purposes. A central feature of the policy is its evidence model. The policy does not create a separate HR privacy register, employee privacy register, employee monitoring register, HR vendor register, employee rights register or employee incident register. Instead, it requires employee processing evidence to be maintained in the canonical PIMS registers: REG02 for processing inventory and retention linkage, REG04 for privacy risk and DPIA triggers, REG06 for employee rights requests, REG07 for employee privacy notices, REG08 for HR processors and vendors, REG10 for employee PII incidents, and REG12 for exceptions, nonconformities, corrective actions, monitoring and improvement evidence. This structure supports the policy purpose: employee PII should be processed only for documented, approved, transparent, proportionate and accountable workforce purposes while avoiding a duplicate HR-specific evidence layer. The policy statements set detailed operational controls for the employee data lifecycle. Before employee PII is collected, generated, imported, used or disclosed, the Process Owner / Business Owner must record the employee processing activity in REG02, including PII categories, employee population, collection source, processing purpose, systems, internal and external recipient categories and retention linkage. Employee privacy notices must be maintained in REG07 before direct or indirect collection for a new or materially changed purpose. The policy requires employee PII to be used only for approved purposes recorded in REG02, and it requires internal recipient categories, business-need conditions and recurring external disclosures to be documented before disclosure begins. Suspected unauthorized disclosure, access, loss or monitoring-data misuse must be routed to REG10 within one business day of identification. Employee rights, monitoring and HR vendor governance receive specific attention. Employee rights requests must be recorded or routed in REG06 within two business days, with process owner inputs due within five business days of assignment. Complex requests involving monitoring records, background screening records, special-category PII, third-party employee PII, legal restrictions or automated decision-making require advice from the Data Protection Officer / Privacy Advisor before refusal, extension, restriction or complex handling. Employee monitoring must be documented in REG02 before enablement or material change, routed through REG04 for privacy risk or DPIA screening where triggered, supported by current REG07 notice or communication evidence, and sampled in REG12 at least annually when included in REG02. HR processors, payroll, HRIS, benefits, background-screening and outsourced HR service providers must be recorded in REG08 before employee PII is disclosed to, accessed by or processed through the provider. Governance provisions assign recurring oversight and enforcement responsibilities. The Privacy Lead / PIMS Manager must perform quarterly employee privacy evidence reviews across REG02, REG04, REG06, REG07, REG08, REG10 and REG12, while Top Management approves material policy changes and high-risk employee privacy exceptions. Metrics include the percentage of employee processing activities with current REG02 records, employee privacy notice currency, open employee privacy risk and DPIA routing items, employee rights request timeliness, HR vendor review completion and employee PII incident trends when incidents occur. Exceptions must be recorded in REG12 before deviation, assigned an expiry date not exceeding 90 days and reviewed before expiry. Enforcement requires nonconformities in REG12 when required employee privacy evidence is missing, prevents approval of employee monitoring without required evidence, and allows suspension of new employee PII disclosures to HR vendors when processor, subprocessor, instruction or assistance evidence is missing.