Data protection and privacy

UK: new resources on criminal record checks, mental health and dyslexia

Unlock has published new guidance for employers on criminal record checks, to which the ICO has contributed. The guidance states that checks at the application stage are unlikely to be necessary for most jobs and therefore likely to be a … Continue reading

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: UK, Workplace culture, diversity and discrimination (including bullying and harassment)

UK: first enforcement notice under GDPR shows extra-territorial reach

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the General Data Protection Regulation (GDPR). The notice is particularly noteworthy because it has been issued against a company located in Canada, which … Continue reading

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: UK

UK: Court of Appeal upholds employer vicarious liability for employee data breach and serious assault

The Court of Appeal has upheld the High Court decision in Morrisons Supermarkets Plc v Various Claimants that an employer can be vicariously liable for an employee’s misuse of data even where it has done as much as reasonably possible to … Continue reading

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: UK

UK: Government’s white paper on future relationship and technical notes in the event of a Brexit no-deal

Over the summer the Government published its white paper on the future UK-EU relationship post transitional period, covering a wide range of issues including immigration and employment. On immigration, the Government stated that it recognises the importance of moving and … Continue reading

Leave a Comment

Filed under Data protection and privacy, International mobility (including secondments, migrant workers, territorial jurisdiction), Jurisdiction: UK

APAC: Background Checks

This month, we consider whether employers can conduct background checks by way of social media/internet searches on prospective employees, focussing on the position in Singapore, Hong Kong, Japan and South Korea.

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: Asia

Korea: Handling Employee Data

Under the Personal Information Protection Act (“PIPA”) any company which handles personal data will be deemed a ‘data handler’ and must comply with strict requirements. This includes employee personal data.

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: Asia

Hong Kong: The Requirement of Being ‘Fit and Proper’

In many industries, it is a requirement that certain individuals performing regulated activities are, and remain, fit and proper. For example, these requirements will apply to certain individuals who are subject to the oversight of financial services regulators such as … Continue reading

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: Asia, Protection of business interests (including restrictive covenants and confidential information)

APAC: Managing Employee Personal Information Part 2

We continue our review of the different obligations employers have around the region in relation to collecting, using and storing employee data by looking at some further common issues.

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: Asia

APAC: Managing Employee Personal Information

An organisation’s obligations in respect of managing personal information vary greatly from country to country. We consider the different obligations employers have around the region in relation to collecting, using and storing employee data.

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: Asia

EU: Data Use – Protecting a critical resource

Described by some as the “new oil” for the digital economy, there is no doubt that data are now seen as critical for organisations to succeed. Data are a powerful and lucrative fuel for productivity. If not adequately protected, data … Continue reading

Leave a Comment

Filed under Data protection and privacy, Jurisdiction: Cross-border, Jurisdiction: France, Jurisdiction: Germany, Jurisdiction: Spain, Jurisdiction: UK, Resources