Mon. Jan 13th, 2025

[ad_1]

MUMBAI/ NEW DELHI : Companies will no longer be able to collect vast amounts of employee data since it has the potential to become a “toxic asset” after the enactment of the personal data bill, said consultants and law firms advising corporates.

Companies will have to take the consent of employees after explaining in granular detail why their data or that of a prospective candidate needs to be collected and how long it will be stored in the system.

Corporates will also have to specify if the data will be saved to protect the proprietorial rights of the company or provide services and benefits the employee has asked for.

“Until now, some firms used to collect and retain all the data they could get from employees, using broad notices for consent. Now, they will need to be careful about how much data they hold, and will need to be clear about the purpose and necessity for collecting data, for consent to valid,” said Arun Prabhu, partner and head, technology and telecom at Cyril Amarchand Mangaldas.

There will be provisions which will allow employers to ask for data but there too, changes in policies will need to be made.

“While firms can use data without consent to safeguard from liability, protect proprietary information or to provide benefits that employees have asked for — like crèche, medical insurance etc — consent will still likely be important,” Prabhu said.

“Employees have enforceable rights in relation to their data including to seek its correction and erasure, so India Inc may no longer be able to afford to hold data it does not need because it can incur significant liability under the DDPA in relation to employee data,” he added.

Parliament this week cleared the Digital Personal Data Protection Bill (DPDP), making it India’s first law on protecting personal data. According to a Mint report, the government had already started work on implementing the bill, and a roll-out will be seen very soon. Communications and information technology minister Ashwini Vaishnaw has said that the fiduciaries will be consulted for the roll-out, which will be done swiftly but with extreme caution.

While the bill, once it becomes a law after Presidential assent, will be applicable prospectively, corporate India may have to get clarity on whether the data collected from employees prior to the implementation of the bill falls under the purview of the law.

In its current form it is silent on this, but some firms expect that the rules which will follow may provide clarity on the ways to be adopted for such data.

Businesses across sectors will have to now reach out to millions of employees to relook at the data that was submitted to them.

“Employers have their workforce’s personal, educational and medical data. Companies will have to, unless they have done so in the past, get back to their own employees and seek consent,” said Vihang Virkar, partner at Lumiere Law Partner.

Another partner in a Mumbai-based law firm said that now firms will have to look at data as “toxic liability” and keep data used only to bare minimum.

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint.
Download The Mint News App to get Daily Market Updates.

More
Less

Updated: 11 Aug 2023, 11:44 PM IST

[ad_2]

Source link