UNDP

Voice & Privacy

Business IT systems insufficiently protect private information of employees and allow it to be harvested without consent

 

As businesses become increasingly data driven, a corresponding increase occurs in the risk of unauthorised access to and use of private information, such as through data harvesting.

 

The right to privacy is a fundamental human right, which includes the right for all individuals to know whether information about them is being stored and, if so, for what purpose. A business has a duty to its employees to responsibly handle all private employee information in its possession or under its control. This concerns substantive information that employees may communicate through a business’s networks, as well as data that could provide insight into those employees’ behaviour, social relationships, private preferences and identity when analysed and aggregated together or with other data. Many countries have enacted data privacy legislation to protect an individual’s right to privacy from unlawful or arbitrary interference. Such legislation typically imposes the requirement to take various measures to ensure the security and integrity of personal data. 

 

A business should implement technical, administrative and physical safeguards to protect its employees’ private information, which may be collected, deliberately or inadvertently (e.g., metadata), through its IT systems.

 

Businesses should employ security arrangements including the implementation of robust privacy policies and procedures (such as encrypting data and putting in place appropriate access controls and clear data breach processes) and carrying out assessments of IT systems to identify and address vulnerabilities on an ongoing basis. Businesses should also consider providing a higher level of protection to sensitive private information, such as data relating to an employee’s health or financial situation.

Relevant Human Rights Instruments

Universal Declaration of Human Rights, 1948, Article 12
International Covenant on Civil and Political Rights, 1966, Article 17
Declaration on the Use of Scientific and Technological Progress in the Interests of Peace and for the Benefit of Mankind, 1975, Articles 2, 6 and 8