May consent be used as a legal basis for processing worker information? (Y/N – if N, please explain)
Are there any specific worker data collections or processing operations that require prior consent? (Y/N – if Y, when is consent required)
Are there exceptions that will allow employers to collect and treat workers data without consent? (Y/N – if Y, list the exceptions)
Yes. Processing of personal data, in case of legal obligations, will occur without specific consent.
Is the company required to provide a privacy notice to workers? (Y/N)
Does the worker privacy notice need to address security measures?
Not necessarily. However, general regulation provides that data controller must adopt the necessary technical and organizational measures to guarantee the security of the information received to prevent its loss or unauthorized use and access.
Are there any other unique disclosure requirements with respect to the privacy notice (e.g. list data retention periods, state legitimate bases, etc.)?
Data Subject Rights
Are there data subject rights for workers? (Y/N – if Y, please list)
Yes. Workers have the same rights as any data subject (i.e., right of access, rectification, updating, cancellation, objection or revocation).
What is the timeframe to respond to data subject requests from workers?
Are there exceptions to responding to data subject requests from workers?
Special Rules for Worker Information
Are there employment rules about privacy-related discrimination (e.g., unlawful to terminate employment due to worker submitting an access request)?
There are no specific employment rules on privacy-related discrimination.
Are there any unique requirements for transfers of employee information to third parties (i.e., contractual restrictions or otherwise)?
Yes. Generic rules about transfer of personal data to third parties are also applicable to employee information (i.e. prior knowledge and the express consent provided in writing or another comparable means).
Are there rules about automated decisionmaking involving workers (e.g., hiring decisions)?
Are there rules about processing sensitive information or information about worker households or families (e.g., biometric data, health/medical information, sexual orientation, religious affiliation, union membership, etc.)?
Are there specific security requirements for storing and processing worker information?
No. However, general regulation provides that data controller must adopt the necessary technical and organizational measures to guarantee the security of the information received to prevent its loss or unauthorized use and access.
Are there rules about using worker information for marketing?
General rules about use of personal data for marketing is applicable also to worker information for marketing. In relation to this, the Supreme Decree No. 1793 establishes that marketing communications sent by any type of providers will require consent of the customer, furthermore, silence cannot be considered as acceptance.
Are there rules about surveillance of workers?
Yes, employer surveillance through cameras or other electronic media is considered labor harrasment and is considered a breach to labor and social laws.
Are there other specific privacy rules or issues involving worker information (e.g., BYOD policies, monitoring technology use, automated tracking of workers)?
Government and Recourse
Is there a legislative body or government entity that regulates employment-related privacy matters?
In the event of a violation, is the recourse regulatory, a private right of action, or other?
Expected Changes to Worker Privacy Laws:
Yes. At the moment there are two general data protection bills, however, neither is being treated by the Legislative Assembly, it is unlikely that a new law will be approved in the short term.
Is business-to-business (B2B) data treated differently than consumer or employee data? (Y/N – If yes, please explain).