Why the Need for a Privacy Policy

Regardless of whether or not a workplace is regulated by privacy legislation, it is advisable to implement a privacy policy. One good reason for doing so is to limit an employer's exposure to legal liability by proactively setting out safeguards for protecting employees' personal information and thereby reducing the likelihood of a violation of an employee's privacy rights.

The primary purpose of a workplace privacy policy is to ensure that employees have a clear understanding of what to expect regarding the collection, use and disclosure of their personal information in the workplace. 

What a Good Privacy Policy Includes

A privacy policy should start with a commitment from the employer to protect the privacy of employees' personal information. More specifically, the policy should include the following:

  • the purpose for collecting and using personal information;
  • how the company plans on collecting, retaining and destroying personal information;
  • when the employer will disclose personal information to third parties;
  • obtaining consent;
  • a right to refuse or withdraw consent;
  • access to and the correction of personal information;
  • the safeguards put in place to protect employees' personal information;
  • a complaints process with respect to a violation of the policy or the policy itself; and
  • the name or title of a person who will receive and deal with complaints.

< Back to Home

Lexis Practice Advisor® Canada

This article was brought to you by Lexis Practice Advisor® Canada.
An online practical guidance solution that gives you access to checklists, forms, precedents and more on an array of in-house counsel topics.