In this second part of our series about the AICPA’s Generally Accepted Privacy Principles (GAPP), we’re going to look at two closely connected concepts.
Your privacy program must include notices and a means to ensure these notices are delivered at the appropriate time in any transaction. In the case of onboarding, a lot of personal information is collected upon hiring. The use of a system such as Universal Onboarding ensures that new hires can be presented with privacy notices that apply to any and all of the information gathered during the forms completion process.
Choice and Consent
Informing employees about your privacy policies doesn’t do much to build trust and goodwill unless they have the opportunity to give informed consent. Obviously, a new hire who accepts a position is agreeing to provide information on forms such as the I9 to be used in confirming their eligibility to work. Their signature on such a form is a reliable indicator that they are agreeing to have their information used for this purpose by your company (although use of e-Verify requires additional notification in the form of workplace posters).
However, if there is any data that will be disclosed to third parties (such as drug or background checking partners), it is important to collect explicit consent. The consent forms or data panels should disclose whether the choice is optional or if there are consequences (such as termination) for refusing to provide the requested information. Again, Universal Onboarding supports compliance with this aspect of GAPP through the use of electronic signatures including simple “I Agree” or “I Disagree” buttons.
Stay tuned for more GAPP posts in the coming weeks.