SUBSCRIBE: Newsletter

Human Resources

Toggle

Article

The Futurist: Data privacy and employees – key issues for employers in (Asia)

Human Resources magazine and the HR Bulletin daily email newsletter:
Asia's only regional HR print and digital media brand.
Register for your FREE subscription now »

閱讀中文版本

In the digital age, data protection is a topical, sensitive and increasingly regulated area. This also applies to the workplace and interactions between companies and their staff. Mathew Durham Shanghai-based partner at Simmons & Simmons asks; what should employers have on their radar in Hong Kong, Singapore and Mainland China? With contributions by Simmons & Simmons lawyers in Hong Kong and Singapore.

Each of these three jurisdictions has its own specific laws and requirements relating to data privacy. In Hong Kong, this means primarily the Personal Data (Privacy) Ordinance (PDPO). The equivalent in Singapore is the Personal Data Protection Act (PDPA). The regime in China is more fragmented, but the Labour Contract Law provides basic principles for employers and the Cybersecurity Law contains more detailed requirements. Nevertheless, there are many common themes, whether legal requirements or best practices.

  • Notification

None of the jurisdictions expressly requires an employer to obtain an employee’s consent in order to collect, use or transfer personal data. However, employers should notify employees regarding the purpose of collection and the classes of people to whom data may be transferred. The collection of data should be necessary in the context of the employment relationship.

  • Access

Employees have the right to request access to data held by the employer and to request that data relating to him/her is corrected. Employers should also take all reasonable steps to ensure and maintain the accuracy of data.

  • Security

Employers should take all practicable steps to ensure that data is kept secure and not subject to unauthorised access. This includes checking security arrangements of and having appropriate contractual obligations with any third parties to whom data will be transferred.

  • Retention

Companies should retain data only as long as needed for the purpose for which collected.

  • Transfer

Employers should pay special attention to restrictions on the cross-border transfer of data. In China, in certain circumstances, an official security assessment may be required. In Singapore, employers must ensure that a transferee is legally bound to provide a level of protection comparable to that required under the PDPA. The PDPO in Hong Kong has a provision which, if it becomes effective, will also limit transfers to situations in which employee consent has been obtained or adequate security and protections are in place covering the transferee.

  • Monitoring

There is specific sensitivity regarding the monitoring of employees using the company’s network. The PDPA in Singapore requires express notification to and consent from employees regarding monitoring, especially if this includes private correspondence and information. In Hong Kong, the privacy commissioner has issued guidelines with recommendations regarding the appropriate purpose of monitoring.

It is important for employers to stay abreast of specific data protection laws and their own internal practices. This is a fast-moving area and failure to meet requirements may result in not only regulatory or legal issues but also reputational implications.

The June 2018 issue of Human Resources magazine is a special edition, bringing you interviews with 12 HR leaders, with their predictions on the future of HR.

Read The Futurist or subscribe here.

OFC

Calling all L&D and corporate training professionals! Do not miss Asia’s premier conference on learning, training and corporate development strategy, Training & Development Asia. Register now!

Read More News

Trending