At Value Privacy we advise clients on the downstream impacts of new privacy laws and how they affect previously standard practices. Privacy laws are, in essence, about the rights of individuals to control their data and, hence, the impact on their life choices. The new reality is that companies cannot opt out of privacy: it is a law that is being enforced, and getting it wrong can be expensive.
The EU GDPR law provides a view into what we can expect in the US and LATAM, and this is one example of what companies face.
A transportation company was fined 2 million Euro as a result of how it managed the investigation of the criminal history of job applicants.
The company did not have a legitimate interest in verifying the criminal history of job applicants (no national law to rely on), failed to offer proper information about the collection of job applicant personal data, and could not base the international transfer of job applicant data on consent (consent was not optional).
Going forward, and in addition to the fine, the company must prove that criminal record checks are no longer required of job applicants, delete any criminal record data in its possession, and provide adequate information about its data collection practices to job applicants.
There are three important questions every company must ask:
-Have you performed a gap and risk assessment of core processes against new privacy laws?
-Do you have a set of controls in place that would enable you to defend against such an action?
-What will your insurance cover?
Talk to us at Value Privacy to help answer these questions.