Private Information About Employees Includes More Than You Think

Private Information About Employees Includes More Than You Think

First of all, this is not about HIPAA. Second of all, HIPAA has one P and two A's and nothing to do with hippos, which has two P's and no A's. Third of all, HIPAA only applies to a few situations. Unless you are a medical service provider or a health insurer, you are probably not in one of them.

Now we've got that out of the way, let's talk about private information. The law generally recognizes that a person has privacy interests in information about their personal and sexual relationships, their own body, their home, their medical information, and personal financial information.

How the law treats these privacy interests can vary widely based on the laws and policies involved, the circumstances, and who wants the information and why. Privacy rights are also fairly fragile and easy to waive, meaning if you tell others about your private information, it's not so private anymore.

Back in the analog days, it was much easier to know who had what information about you and how they got it. Today, that's no longer true.

The hungry data beasts are constantly collecting information about us, much of which we don't know about or have access to. Forget about control.

A lot of the data collection and analysis is about selling you more stuff faster, including selling you data and analysis. But some of it is designed to target people and cause harm.

That's why states like California are looking at the data that may be out there about people and the potential harm it may cause and saying, "Hey, this deserves extra protection." Unlike many states and our US Constitution, California also has a constitutional right to privacy that applies to every resident and anybody who wants private information about them.

California recently amended its statutes to include citizenship and immigration status as sensitive information deserving extra protection because there are some who would use this information to harm people and their families regardless of the circumstances. The law generally requires considering the circumstances on a case by case basis and applying the rules with due process and fairness. Yes, there are problems with this approach—it's expensive and time consuming for starters. But there's too much at stake not to.

So, while employers are required to collect information about people's immigration status and citizenship for I-9 reporting, it's also important to understand the rules about disclosure and update your privacy notices.