Employee Data Privacy

China - Employee Access Rights

 Download as a PDF

Do individuals have the right to access their personal information?

 

iStock-62410820-2Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.

 

The Cybersecurity Law generally prescribes data protection and data security obligations by network operators. Under this law, data subjects have the right to have their data corrected, as well as the right to request deletion in the event of a data breach.

 

The Ministry of Industry and Information Technology (MIIT) Regulation does require that, after users have terminated the use of telecommunications or internet information services, telecom business operators and internet information service providers stop the collection and use of the users' personal information, and provide the users with services for deregistering relevant phone numbers or account numbers.

 

As a best practice, some international employers operating in China follow The Personal Information Security Specification, (个人信息安全规范, GB/T 35273-2017) when collecting employee data. Employers may take the following actions upon a data subject’s request:

  • Provide employees and other data subjects with the personal information (or types of personal information related to the data subject) held by the employer; the source and purpose for collecting this personal data; and, the identity of 3rd parties or types of 3rd parties who have already obtained access to the personal data.

  • Outline how individuals can obtain copies of their personal information, including basic personal data, personal identification information, personal health/physiological information and, personal education/work information.

  • Delete personal data as required when violating laws or regulations.

  • Cancel accounts held by data subjects (as appropriate) and anonymize or delete information after the account is canceled.

 

Ultimate Software's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where Ultimate Software's customers have employees. HR Compliance Assist is a service exclusively available to Ultimate Software customers.

Share Your Feedback

Let's Talk