Published: October 31, 2024
Hello all, and happy Thursday!
Every year, data privacy regulations give millions more people across the globe data privacy rights that they lacked just a few years before. But consistently, those regulations carve out an exception for the employees of a business.
California and the EU do provide protections for employee data, but most data privacy laws in the US do not. Absent a federal comprehensive data privacy regulation with protections for employees, US workers have had to rely on the guidance of federal regulatory agencies.
One of our stories this week focuses on the Consumer Financial Protection Bureau, which recently issued guidance warning companies to follow Fair Credit Reporting Act (FCRA) requirements when conducting background checks, such as obtaining consent and allowing for disputes of inaccurate information.
Unfortunately, this is a fairly narrow slice of the data rights pie—businesses get a lot of data from their employees, and they don’t always treat it with the respect it deserves. Consider Wells Fargo choosing to fire employees over their use of mouse jigglers to fool remote monitoring software.
Human resource data is already subject to a number of regulations, it’s true; but do those regulations provide an equivalent level of protection for employee data as the CCPA or GDPR? How much control should an employer have over its employees’ personal data?
Best,
Arlo
P.S. If you, like many privacy professionals, are feeling a little isolated in your organization, you might want to check out our upcoming webinar on November 7th. We dive into how collaborating with your colleagues in IT, Security, and GRC isn’t just a great way to achieve compliance outcomes, it can also showcase privacy’s value to leadership. Register for Unlock Privacy ROI: Why Making Cross-Functional Allies Is Key here.
Hear from Osano’s Head of Privacy Rachael Ormiston on what insights she’s gleaned from recent industry events, like IAPP’s Privacy. Security. Risk. (PSR) conference in September.
Missed our inaugural Privacy Pro Survival Summit? No worries: You can watch our sessions on privacy program management, AI governance, cross-collaboration, and avoiding privacy burnout here.
How can privacy prove its value to the business and be seen as more than "just" a cost center? Find out how to demonstrate ROI and gain allies in this webinar.
November 7th | Save your seat
Privacy, sales, and marketing are natural allies—not opponents. They have more to gain by working together than they do by working against one another. We’ll explain why and how in this webinar.
November 14th | Save your seat
This IAPP report analyzes the similarities and differences between enacted US state comprehensive privacy laws. Though the full report is restricted to IAPP members, highlights are accessible using the link below.
The Consumer Financial Protection Bureau (CFPB) recently issued its final "open banking" rule. Starting for some institutions as early as 2026, financial service providers must, upon a consumer's request, make financial data available to them and authorized third parties. Financial institutions must provide this data electronically in a secure and reliable manner, requiring third-party data accessors to protect consumers' privacy. In theory, this rule will empower consumers to compare service providers and switch more easily, encouraging competition in the industry.
Despite dire warnings from the pro basketball league and the U.S. Chamber of Commerce about “abusive” litigation under the Video Privacy Protection Act (VPPA), a US appeals court last week revived a class action accusing the NBA of improperly allowing Facebook to harvest personal data from viewers of NBA-posted videos.
Recently, the CFPB issued guidance to protect workers from unchecked digital tracking and opaque decision-making systems. The guidance warns that companies using third-party consumer reports—including background dossiers and surveillance-based, “black box” AI or algorithmic scores about their workers—must follow Fair Credit Reporting Act (FCRA) rules. This means employers must obtain worker consent, provide transparency about data used in adverse decisions, and allow workers to dispute inaccurate information.
Ireland’s Data Protection Commission hit LinkedIn with a 310 million euro ($335 million) fine over concerns about the “lawfulness, fairness and transparency” of its personal data processing for advertising purposes. The watchdog said it carried out an investigation that found LinkedIn did not have a lawful basis to gather data so it could target users with online ads, which is a breach of the GDPR.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce; he has testified before Congress on technology issues and is a frequent speaker on data privacy rights.