{"id":15821,"date":"2020-04-21T18:26:05","date_gmt":"2020-04-21T16:26:05","guid":{"rendered":"https:\/\/factorialhr.com\/blog\/?p=15821"},"modified":"2025-04-29T12:26:31","modified_gmt":"2025-04-29T10:26:31","slug":"data-privacy","status":"publish","type":"post","link":"https:\/\/factorialhr.com\/blog\/data-privacy\/","title":{"rendered":"Employee Data Privacy Laws US &#8211; Are you up to speed?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Data privacy issues have an impact on most HR activities, including data processing, recruitment, performance monitoring, and the handling of references. This is especially true in this modern age of digital and technological advances. As a human resources manager it is vital that you implement systems and processes in your company to safeguard sensitive employee data, ensuring they comply with state, local and international data protection laws.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this post we will take a look at <\/span><b>GDPR data regulations<\/b><span style=\"font-weight: 400;\"> and how the <\/span><span style=\"font-weight: 400;\">Data Protection Act<\/span><span style=\"font-weight: 400;\"> affects employers in the United States. We will also discuss<\/span><b> best practices for protecting employee personal data <\/b><span style=\"font-weight: 400;\">and tips for ensuring privacy compliance at all levels of your company.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><strong><a href=\"#data\">Data privacy overview [Data Privacy Day]<\/a><\/strong><\/li>\n<li style=\"font-weight: 400;\"><strong><a href=\"#compliance\">HR\u2019s responsibility when it comes to data protection<\/a><\/strong><\/li>\n<li><strong><a href=\"#protection\">US Data protection &amp; Privacy<\/a><\/strong><\/li>\n<li style=\"font-weight: 400;\"><strong><a href=\"#protecting\">Protecting Employee Data<\/a><\/strong><\/li>\n<li><strong><a href=\"#bestpractices\">Employee data protection best practices<\/a><\/strong><\/li>\n<li style=\"font-weight: 400;\"><strong><a href=\"#legallyhold\">The type of data a company can legally hold and which they can\u2019t<\/a><\/strong><\/li>\n<li style=\"font-weight: 400;\"><strong><a href=\"#whathappens\">What happens to an employee\u2019s data once they leave a company? <\/a><\/strong><\/li>\n<li><a href=\"https:\/\/factorialhr.com\/document-management\">Document Management Software \u2705<\/a><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Let\u2019s start with a curious event that happens each year in the world of GDPR and employee data.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\"><a name=\"data\"><\/a>Data Privacy Day 2024<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Data Privacy Day is a global annual event that aims to <strong>raise awareness on the importance of privacy and safeguarding data<\/strong>. The campaign promotes privacy and data protection best practices and it <strong>targets both individuals and businesses alike<\/strong>.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The event was first celebrated in North America on January 28th, 2008, as an extension of the existing <\/span><a href=\"https:\/\/www.coe.int\/en\/web\/data-protection\/-\/data-protection-day-2020\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Data Protection Day in Europe<\/span><\/a><span style=\"font-weight: 400;\">. The date corresponds with the signing of the Council of Europe\u2019s 1981 data protection treaty, known as \u201c<\/span><a href=\"https:\/\/www.coe.int\/en\/web\/conventions\/full-list\/-\/conventions\/treaty\/108\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Convention 108<\/span><\/a><span style=\"font-weight: 400;\">\u201d, which follows a technologically-neutral, principle-based approach to protecting an individual\u2019s right to privacy.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Each year on this date, governments and national data protection bodies launch campaigns, conferences and open-door events to inform the public of their rights to personal data protection and privacy. Aside from the general public, campaigns are also often targeted at those working in the education sector and those industries that rely heavily on data processing. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The event is an opportunity for businesses to re-evaluate how they have been collecting, sharing, and using data, and to improve internal processes to stop valuable data from being exploited, misused, or lost.<\/span><span style=\"font-weight: 400;\">In the US and Canada, the event is led by the <\/span><span style=\"font-weight: 400;\">National Cyber Crime Alliance<\/span><span style=\"font-weight: 400;\"> (NCSA), a non-profit organisation dedicated to promoting a safer and more trusted internet. NCSA\u2019s privacy awareness campaign is an integral component of the global online safety, security and privacy campaign <\/span><a href=\"https:\/\/www.stopthinkconnect.org\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">\u201cSTOP. THINK. CONNECT<\/span><\/a><span style=\"font-weight: 400;\">.\u2122\u201d.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-105465\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153558\/data-privacy-security-300x200.jpg\" alt=\" data-privacy\" width=\"903\" height=\"602\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153558\/data-privacy-security-300x200.jpg 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153558\/data-privacy-security-1024x681.jpg 1024w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153558\/data-privacy-security-768x511.jpg 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153558\/data-privacy-security-1536x1022.jpg 1536w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153558\/data-privacy-security.jpg 1920w\" sizes=\"(max-width: 903px) 100vw, 903px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\"><a name=\"compliance\"><\/a>GDPR Compliance US: Data Privacy Definition<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Data privacy protection is a branch of data security concerned with the proper handling of data, including consent, notice, and regulatory obligations. Every individual is entitled to access and control all personal information collected and stored by a company and they may revoke their consent at any time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Although <\/span><b>there are no federal USA data privacy laws<\/b><span style=\"font-weight: 400;\"> and <strong>no centralized data protection agency in the US<\/strong>, companies that work with clients, customers and employees in the European Union must be aware of the principles that govern the <\/span><a href=\"https:\/\/gdpr-info.eu\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">General Data Protection Regulation<\/span><\/a><span style=\"font-weight: 400;\"> (GDPR). The European GDPR, which came into effect in 2018, replaced the previous UK <\/span><a href=\"http:\/\/www.legislation.gov.uk\/ukpga\/2018\/12\/contents\/enacted\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Data Privacy Act<\/span><\/a><span style=\"font-weight: 400;\"> and introduced a new set of guidelines for processing, handling and storing personal data. It requires companies working with or within the European Union to implement data protection policies and procedures that ensure transparency and accountability. <\/span><a href=\"https:\/\/factorialhr.com\/document-management\"><span style=\"font-weight: 400;\">Record-keeping requirements<\/span><\/a><span style=\"font-weight: 400;\"> vary depending on whether a company handling data is a controller (responsible for determining purpose and means of processing personal data) or a processor (those processing data on behalf of the controller).<\/span><\/p>\n<p><a href=\"https:\/\/factorialhr.com\/request-demo\"><img decoding=\"async\" class=\"alignnone wp-image-114373\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-300x103.png\" alt=\"document manager free demo\" width=\"801\" height=\"275\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-300x103.png 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-768x263.png 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager.png 900w\" sizes=\"(max-width: 801px) 100vw, 801px\" \/><\/a><\/p>\n<p><b><a name=\"issues\"><\/a>In terms of employee data, the GDPR data privacy states that employees must be aware of:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Who the controller of their data is<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The purpose of processing their personal data (why information is collected)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any changes to their contract, company handbook or data processing<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any third parties who receive their data, such as payroll providers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Their data protection rights under GDPR, including their right to revoke consent at any time.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">GDPR and companies with less than 250 employees:<\/span><span style=\"font-weight: 400;\"> although GDPR record-keeping requirements are not enforced for most companies with less than 250 employees (with the exception of companies handling data relating to criminal convictions), all other aspects of the data security and privacy act must be complied with.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-105468\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153608\/data-security-300x200.jpg\" alt=\" data-privacy\" width=\"908\" height=\"605\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153608\/data-security-300x200.jpg 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153608\/data-security-1024x683.jpg 1024w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153608\/data-security-768x512.jpg 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153608\/data-security-1536x1024.jpg 1536w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153608\/data-security.jpg 1920w\" sizes=\"(max-width: 908px) 100vw, 908px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\"><a name=\"protection\"><\/a>Data Protection and Privacy: What Constitutes Personal Data?\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Personal data is defined in the GDPR as being \u201cany information relating to an identified or identifiable person who can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person\u201d. This includes data that is processed electronically, kept in a filing system, included in an accessible record, or held by a public authority.<\/span><\/p>\n<p><b>In terms of employee data, this can include:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">CV, references, and application files<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Personal files<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Payroll information, including tax and insurance data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Medical files<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Employment contracts, compensation and benefits<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Performance reviews and appraisals<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Any company that collects, stores, gathers, organizes, retrieves, discloses, transfers, or otherwise makes available personal data for an employee located in the EU must ensure they are implementing the correct GDPR measures for employee data collection privacy protection.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\"><a name=\"protecting\"><\/a>How Can You Protect Employee Data?\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">When it comes to employees, it is the responsibility of the Human Resources department to protect and safeguard personal data. In the US, failure to comply with standards set by the <\/span><a href=\"https:\/\/www.ftc.gov\/enforcement\/statutes\/fair-accurate-credit-transactions-act-2003\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Fair and Accurate Credit Transactions Act<\/span><\/a><span style=\"font-weight: 400;\"> (FACT Act) and the <\/span><a href=\"https:\/\/www.federalregister.gov\/documents\/2018\/09\/18\/2018-20184\/summaries-of-rights-under-the-fair-credit-reporting-act-regulation-v\"><span style=\"font-weight: 400;\">Fair Credit Reporting Act<\/span><\/a><span style=\"font-weight: 400;\"> (FCRA) can result in major penalties. And for employees based in the EU, HR managers must also ensure all data handling processes comply with the GDPR.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Employers must create clear policies and procedures that take into account these regulations and ensure they are accessible to all employees. These policies must govern all personal data processed and handled by the company and they must be reviewed and updated on a regular basis. <\/span><b>Employers must provide thorough and continuous training<\/b><span style=\"font-weight: 400;\"> to all staff to ensure employees are aware of data protection usa and security laws, their GDPR employee rights, and the importance of adhering to GDPR procedures at all times. Measures should also be put in place to guarantee the security of stored data, including encryption and designated servers.<\/span><\/p>\n<h3><span style=\"text-decoration: underline;\"><span style=\"font-weight: 400;\"><a name=\"dataissues\"><\/a>GDPR Employee Data Retention: Main Issues<\/span><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">There are many issues that can arise as a consequence of retaining employee data. The following should be taken into account at all times:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Sensitive personal data:<\/strong> there are extra measures that need to be considered when handling sensitive data such as medical records and employee benefits. These measures aim to safeguard health and safety and reduce discrimination. Explicit consent must be provided before a company can handle and\/or process this data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Recruitment:<\/strong> as a recruiter, it can be tempting to gather as much information as possible about a potential candidate. Do not collect more data than you need and don\u2019t retain information for longer than necessary.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Social media:<\/strong> by using social media as a basis for employment decisions you run the risk of encountering issues with protecting employee data and discrimination. A clear social media policy should be included with a company\u2019s general data protection procedures.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Monitoring<\/strong>: If you monitor employee emails or have a workplace CCTV system in place, you must be able to prove you have a legal basis for doing so. Staff must be informed and provide consent before their computers can be accessed remotely. If consent is not provided, online monitoring could be classed as hacking, a criminal offence subject to penalties.<\/span><\/p>\n<h3><span style=\"text-decoration: underline;\"><span style=\"font-weight: 400;\"><a name=\"policytemplate\"><\/a>Employee Data Privacy Policy Template\u00a0<\/span><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A privacy policy forms the basis of a company\u2019s internal data protection guidelines. It sets out the rights of data subjects and the obligations of an employer and establishes a series of guidelines, ensuring data complies with GDPR standards. Although policies should be tailored to the needs and requirements of each company, there are certain data that should be included for all industries.<\/span><\/p>\n<p><strong>A good privacy policy template should include the following:\u00a0<\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Policy brief &amp; purpose<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The identity and contact details of the employer<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">A description of the personal data that is collected<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The purposes for processing the data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The legal basis on which the processing will take place<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Who the personal data is shared with<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Whether personal data is transferred to\/from the EEA and if so, details of the safeguards that are in place to protect the security of data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">How long the personal data will be stored<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Details about the rights that employees have in relation to that personal data, including the right to request that the employer rectify any incorrect information. Employee consent can be revoked at any time.\u00a0<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"alignnone wp-image-48075 size-full\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104857\/employee-data-protection.jpeg\" alt=\"employee data protection\" width=\"795\" height=\"450\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104857\/employee-data-protection.jpeg 795w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104857\/employee-data-protection-300x170.jpeg 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104857\/employee-data-protection-768x435.jpeg 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104857\/employee-data-protection-688x388.jpeg 688w\" sizes=\"(max-width: 795px) 100vw, 795px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\"><a name=\"bestpractices\"><\/a>Employee Data Protection Best Practices\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As a member of the HR team, you can implement a series of best practices to continuously monitor and improve your methods for safeguarding employee data protection:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Develop effective administrative<\/strong>, technical, and physical data security controls for all business areas. Ensure all areas are aware of compliance requirements.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Work with your IT department<\/strong> and senior managers to design and implement a series of policies for handling, storing, and accessing employee personal data. Review and update policies on a regular basis to ensure they address the most current security best practices.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Restrict access to a \u201cneed-to-know\u201d basis<\/strong>. Periodically review who is accessing sensitive information and ascertain if all access is authorized and necessary.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Work with your security team<\/strong> to build and understand your company\u2019s incident response. With that said, this should be done for each area impacted by privacy concerns (ie. internet usage, social media, confidentiality, information security, and document retention\/destruction).<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Ensure all employees are aware of data protection procedures. <\/strong>Make sure they have access to all policies, and provide consent for the handling of their data.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Train employees and managers<\/strong> on the importance of adhering to record-keeping guidelines. Also, they should know the risk of phishing emails, data mining and privacy, and security breaches.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Always encrypt your data<\/strong>.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Make sure you are<strong> only storing data that is necessary<\/strong> for your business.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Train senior management<\/strong> so that they can help promote a security-first culture so that employee data protection is at the forefront of every process and procedure.<\/span><\/li>\n<\/ul>\n<h3><span style=\"text-decoration: underline;\"><span style=\"font-weight: 400;\"><a name=\"sensitivedata\"><\/a>How to Store Sensitive Data<\/span><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">An often-overlooked factor when it comes to data protection is storage. According to the GDPR, personal data must be stored for the shortest time possible. That period should take into account the reasons why your company\/organisation needs to process the data. In addition, any<strong> legal obligations to keep the data for a fixed period of time<\/strong> (for example national labor, tax or anti-fraud laws requiring you to keep personal data about your employees for a defined period).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Data needs to be stored on a secure server and, although encryption is not mandatory, it is highly recommended. By using a safe and secure <\/span><a href=\"https:\/\/factorialhr.com\/blog\/edms\/\"><span style=\"font-weight: 400;\">document management system<\/span><\/a><span style=\"font-weight: 400;\"> you can easily and securely manage all your company and employee documents and effectively protect your data. Data can be readily accessed and audited which helps the company achieve its overall goal of compliance.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-48074 size-full\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104831\/data-privacy-day.jpeg\" alt=\"data privacy day\" width=\"795\" height=\"450\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104831\/data-privacy-day.jpeg 795w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104831\/data-privacy-day-300x170.jpeg 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104831\/data-privacy-day-768x435.jpeg 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/12104831\/data-privacy-day-688x388.jpeg 688w\" sizes=\"(max-width: 795px) 100vw, 795px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\"><a name=\"legallyhold\"><\/a>What Employee Data Can a Company Legally Hold?\u00a0<\/span><\/h2>\n<p><strong>An employer can legally hold the following data:<\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Personal details (name, address, marital status, etc.)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Race, ethnicity, political membership and religion<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Trade union membership<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Biometrics, if your fingerprints are used for identification<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Health and medical conditions<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Tax code and other payroll information<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Emergency contact details<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Employment history with the organisation<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Employment terms and conditions (including pay, hours of work, holidays, benefits, absences)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any workplace accidents or incidents<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Documentation of raining undertaken<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any disciplinary action<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Performance reviews<\/span><\/li>\n<\/ul>\n<p><strong>An employer can only legally hold the following data with an employee\u2019s express consent:<\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Camera images or video surveillance records<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Information of software that maintains and analyses the use of Internet and e-mail traffic<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Recordings of phone calls or instant messaging<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Remote management of all mobile devices, such as phones and laptops<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Tracking or location data of company cars or equipment.<\/span><\/li>\n<\/ul>\n<h3><span style=\"text-decoration: underline;\"><span style=\"font-weight: 400;\"><a name=\"repercussions\"><\/a>What are the repercussions in the case of a data breach?\u00a0<\/span><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A data breach is defined as the unauthorised access to, or loss, transfer or destruction of, personal data as a result of a security breach. Depending on location, there are various implications for encountering a data breach. In the UK, for example, data breaches must be reported to the <\/span><a href=\"https:\/\/ico.org.uk\/\"><span style=\"font-weight: 400;\">Data Protection Commission<\/span><\/a><span style=\"font-weight: 400;\"> (DPC) within 72 hours. Breaches involving personal data must also be notified to the data subject within the same timeframe.\u00a0\u00a0<\/span><\/p>\n<p><strong>Repercussions can include:<\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Prosecution: The Data Protection Act 2018 contains provisions making certain disclosure of personal data a criminal offence. Penalties include warnings, reprimands and fines.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">A temporary or permanent ban can be imposed on data processing.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Significant loss of revenue. Companies that face a data breach often end up losing revenue in the short and\/or long-term.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">A data breach can negatively impact a company\u2019s reputation and brand, also affecting the bottom line.<\/span><\/li>\n<\/ul>\n<h3><span style=\"text-decoration: underline;\"><span style=\"font-weight: 400;\"><a name=\"disclosed\"><\/a>Which employee data can and can\u2019t be disclosed?<\/span><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">As we have seen, GDPR regulates personal data in Europe. In the US, it is also regulated by the following organisations:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The <\/span><a href=\"https:\/\/www.cdc.gov\/phlp\/php\/resources\/health-insurance-portability-and-accountability-act-of-1996-hipaa.html?CDC_AAref_Val=https:\/\/www.cdc.gov\/phlp\/publications\/topic\/hipaa.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Health Insurance Portability and Accountability Act<\/span><\/a><span style=\"font-weight: 400;\"> (HIPAA), which seeks to protect the privacy of employee health information.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The <\/span><a href=\"https:\/\/adata.org\/factsheet\/ADA-overview\"><span style=\"font-weight: 400;\">Americans with Disabilities Act<\/span><\/a><span style=\"font-weight: 400;\">, which also requires employers to maintain employee health information securely and confidentially.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The Fair Credit Reporting Act (FCRA), which seeks to protect the privacy of consumer and employee financial data.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The Fair and Accurate Credit Transactions Act (FACT Act)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Generally, personal data cannot be disclosed without the express consent of the employee in question. However, there are certain circumstances where employee data can be disclosed without consent:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The performance of a contract.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Compliance with a legal obligation (including tax and anti-fraud obligations).<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The legitimate interests of the employer.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The performance of a task carried out in the public interest.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Criminal record checks.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Medical reports (in the current climate, this could include whether or not an employee has tested positive for COVID-19).<\/span><\/li>\n<li><a href=\"https:\/\/factorialhr.com\/request-demo\"><img decoding=\"async\" class=\"alignnone wp-image-114373\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-300x103.png\" alt=\"document manager free demo\" width=\"801\" height=\"275\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-300x103.png 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-768x263.png 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager.png 900w\" sizes=\"(max-width: 801px) 100vw, 801px\" \/><\/a><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\"><a name=\"whathappens\"><\/a>What Happens to an Employee\u2019s Data Once They Leave a Company?\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">So far we have clarified what constitutes personal data, what laws govern the handling and processing of employee data, and how companies can safeguard these regulations and ensure compliance. But what about when an employee leaves the company?<\/span><b> What requirements does an employer have<\/b><span style=\"font-weight: 400;\"> and what data needs to be disposed of or stored?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">First and foremost, although <\/span><b>there are no minimum or maximum time limits for keeping employee data<\/b><span style=\"font-weight: 400;\">, the law does state that data should not be kept for longer than necessary. The length of time you keep data depends on many factors, including data type and reasons for storage and handling. Any data not required must be securely destroyed. This applies to both digital and paper records.<\/span><\/p>\n<p><b>There are also other legal requirements which need to be taken into account:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Working time records<\/b><span style=\"font-weight: 400;\">: must be maintained for two years.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Payroll records:<\/b><span style=\"font-weight: 400;\"> must be maintained for 3 years from the end of the last employment tax year.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Maternity, Paternity and Shared Parental Pay records: <\/b><span style=\"font-weight: 400;\">must be maintained for 3 years after the end of the tax year that the payment stopped.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>An employment record: <\/b><span style=\"font-weight: 400;\">Generally speaking, employment records should be maintained for at least 6 years in case a former employee files a claim with the employment tribunals or a security breach claim.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Aside from deciding what data should be stored and what data should be destroyed, the IT department must ensure all company electronic devices, including phones, laptops and tablets, are retrieved and all access to internal systems, processes and documents are immediately restricted.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We hope the tips and advice in this post help you design and implement an efficient data protection policy that safeguards the data of all your clients, customers and employees. Following a proactive, hand-on approach to data privacy will help your company ensure compliance, avoid potentially catastrophic data breaches, and promote a brand based on trust, transparency and accountability.<\/span><\/p>\n<p style=\"text-align: left;\"><a href=\"https:\/\/factorialhr.com\/document-management\" target=\"_blank\" rel=\"noopener noreferrer\">Manage your employee data legally with Factorial HR [Try for free].<\/a><\/p>\n<p><a href=\"https:\/\/factorialhr.com\/request-demo\"><img decoding=\"async\" class=\"alignnone wp-image-114373\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-300x103.png\" alt=\"document manager free demo\" width=\"801\" height=\"275\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-300x103.png 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager-768x263.png 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/17104933\/demo-banner-document-manager.png 900w\" sizes=\"(max-width: 801px) 100vw, 801px\" \/><\/a><\/p>\n<p><i>Written by\u00a0<\/i>Cat Symonds;\u00a0<i>Edited by<\/i>\u00a0Tanya Lesiuk<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data privacy issues have an impact on most HR activities, including data processing, recruitment, performance monitoring, and the handling of references. This is especially true in this modern age of digital and technological advances. As a human resources manager it is vital that you implement systems and processes in your company to safeguard sensitive employee<a href=\"https:\/\/factorialhr.com\/blog\/data-privacy\/\" class=\"read-more\"> [&#8230;]<\/a><\/p>\n","protected":false},"author":136,"featured_media":105467,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[146],"tags":[],"class_list":["post-15821","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legal-hr"],"acf":{"topics":"core-document-management"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Employee Data Privacy Laws US - Are you up to speed? | Factorial<\/title>\n<meta name=\"description\" content=\"What is data privacy, how&#039;s it regulated, and how can you protect your employee&#039;s data? Are you compliant with employee data protection?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/factorialhr.com\/blog\/data-privacy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Employee Data Privacy Laws US - Are you up to speed?\" \/>\n<meta property=\"og:description\" content=\"What is data privacy, how&#039;s it regulated, and how can you protect your employee&#039;s data? Are you compliant with employee data protection?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/factorialhr.com\/blog\/data-privacy\/\" \/>\n<meta property=\"og:site_name\" content=\"Factorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-21T16:26:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-29T10:26:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153604\/data-secure.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Factorial\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:site\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Factorial\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/factorialhr.com\/blog\/data-privacy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/data-privacy\/\"},\"author\":{\"name\":\"Factorial\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/7b5a5469052118a0a452edb12733e380\"},\"headline\":\"Employee Data Privacy Laws US &#8211; Are you up to speed?\",\"datePublished\":\"2020-04-21T16:26:05+00:00\",\"dateModified\":\"2025-04-29T10:26:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/data-privacy\/\"},\"wordCount\":2698,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"articleSection\":[\"Legal &amp; Finance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/factorialhr.com\/blog\/data-privacy\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/factorialhr.com\/blog\/data-privacy\/\",\"url\":\"https:\/\/factorialhr.com\/blog\/data-privacy\/\",\"name\":\"Employee Data Privacy Laws US - Are you up to speed? | Factorial\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\"},\"datePublished\":\"2020-04-21T16:26:05+00:00\",\"dateModified\":\"2025-04-29T10:26:31+00:00\",\"description\":\"What is data privacy, how's it regulated, and how can you protect your employee's data? Are you compliant with employee data protection?\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/factorialhr.com\/blog\/data-privacy\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"name\":\"Factorial\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/factorialhr.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\",\"name\":\"All-in-one business management software - Factorial\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"contentUrl\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"width\":946,\"height\":880,\"caption\":\"All-in-one business management software - Factorial\"},\"image\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\",\"https:\/\/twitter.com\/factorialapp\",\"https:\/\/www.linkedin.com\/company\/factorialhr\",\"https:\/\/www.youtube.com\/@factorialmedia\",\"https:\/\/www.instagram.com\/factorial\/#\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/7b5a5469052118a0a452edb12733e380\",\"name\":\"Factorial\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/94f45aafe3645ee8cdad439505e2817e?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/94f45aafe3645ee8cdad439505e2817e?s=96&d=identicon&r=g\",\"caption\":\"Factorial\"},\"url\":\"https:\/\/factorialhr.com\/blog\/author\/factorial-hr\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Employee Data Privacy Laws US - Are you up to speed? | Factorial","description":"What is data privacy, how's it regulated, and how can you protect your employee's data? Are you compliant with employee data protection?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/factorialhr.com\/blog\/data-privacy\/","og_locale":"en_US","og_type":"article","og_title":"Employee Data Privacy Laws US - Are you up to speed?","og_description":"What is data privacy, how's it regulated, and how can you protect your employee's data? Are you compliant with employee data protection?","og_url":"https:\/\/factorialhr.com\/blog\/data-privacy\/","og_site_name":"Factorial","article_publisher":"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","article_published_time":"2020-04-21T16:26:05+00:00","article_modified_time":"2025-04-29T10:26:31+00:00","og_image":[{"width":1920,"height":1280,"url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2020\/04\/01153604\/data-secure.jpg","type":"image\/jpeg"}],"author":"Factorial","twitter_card":"summary_large_image","twitter_creator":"@factorialapp","twitter_site":"@factorialapp","twitter_misc":{"Written by":"Factorial","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/factorialhr.com\/blog\/data-privacy\/#article","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/data-privacy\/"},"author":{"name":"Factorial","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/7b5a5469052118a0a452edb12733e380"},"headline":"Employee Data Privacy Laws US &#8211; Are you up to speed?","datePublished":"2020-04-21T16:26:05+00:00","dateModified":"2025-04-29T10:26:31+00:00","mainEntityOfPage":{"@id":"https:\/\/factorialhr.com\/blog\/data-privacy\/"},"wordCount":2698,"commentCount":1,"publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"articleSection":["Legal &amp; Finance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/factorialhr.com\/blog\/data-privacy\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/factorialhr.com\/blog\/data-privacy\/","url":"https:\/\/factorialhr.com\/blog\/data-privacy\/","name":"Employee Data Privacy Laws US - Are you up to speed? | Factorial","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/#website"},"datePublished":"2020-04-21T16:26:05+00:00","dateModified":"2025-04-29T10:26:31+00:00","description":"What is data privacy, how's it regulated, and how can you protect your employee's data? Are you compliant with employee data protection?","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/factorialhr.com\/blog\/data-privacy\/"]}]},{"@type":"WebSite","@id":"https:\/\/factorialhr.com\/blog\/#website","url":"https:\/\/factorialhr.com\/blog\/","name":"Factorial","description":"","publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/factorialhr.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/factorialhr.com\/blog\/#organization","name":"All-in-one business management software - Factorial","url":"https:\/\/factorialhr.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","contentUrl":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","width":946,"height":880,"caption":"All-in-one business management software - Factorial"},"image":{"@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","https:\/\/twitter.com\/factorialapp","https:\/\/www.linkedin.com\/company\/factorialhr","https:\/\/www.youtube.com\/@factorialmedia","https:\/\/www.instagram.com\/factorial\/#"]},{"@type":"Person","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/7b5a5469052118a0a452edb12733e380","name":"Factorial","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/94f45aafe3645ee8cdad439505e2817e?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/94f45aafe3645ee8cdad439505e2817e?s=96&d=identicon&r=g","caption":"Factorial"},"url":"https:\/\/factorialhr.com\/blog\/author\/factorial-hr\/"}]}},"_links":{"self":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/15821"}],"collection":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/users\/136"}],"replies":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/comments?post=15821"}],"version-history":[{"count":13,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/15821\/revisions"}],"predecessor-version":[{"id":157338,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/15821\/revisions\/157338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media\/105467"}],"wp:attachment":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media?parent=15821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/categories?post=15821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/tags?post=15821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}