Don’t Allow a Gap in Your GAPP: Part 2

In this second part of our series about the AICPA’s Generally Accepted Privacy Principles (GAPP), we’re going to look at two closely connected concepts.


Making information about your organization’s privacy policy available to individuals whose information is being collected is a critical component of a well-managed program. So is explaining how an individual’s information will be used. Will it be disclosed to third parties for any purpose? Why is it being collected in the first place? Is there software being used to gather private information in ways that the individual might not be aware of? Who is in charge of receiving and processing any questions or complaints about the privacy policy? These are all questions that should be clearly addressed.

Your privacy program must include notices and a means to ensure these notices are delivered at the appropriate time in any transaction. In the case of onboarding, a lot of personal information is collected upon hiring. The use of a system such as Universal Onboarding ensures that new hires can be presented with privacy notices that apply to any and all of the information gathered during the forms completion process.

Choice and Consent

Informing employees about your privacy policies doesn’t do much to build trust and goodwill unless they have the opportunity to give informed consent. Obviously, a new hire who accepts a position is agreeing to provide information on forms such as the I-9 to be used in confirming their eligibility to work. Their signature on such a form is a reliable indicator that they are agreeing to have their information used for this purpose by your company (although use of E-Verify requires additional notification in the form of workplace posters).

However, if any data will be disclosed to third parties (such as drug or background checking partners), it is important to collect explicit consent. The consent forms or data panels should disclose whether the choice is optional or if there are consequences (such as termination) for refusing to provide the requested information. Again, Universal Onboarding supports compliance with this aspect of GAPP through the use of electronic signatures, including simple “I Agree” or “I Disagree” buttons.

Stay tuned for more GAPP posts in the coming weeks.
