Employee Data Privacy

United States - Data Protection Officer


What is a DPO, and which organizations have to appoint one?


A Data Protection Officer (DPO) is a person in charge of verifying that personal data processing complies with the applicable law. The DPO communicates information about personal data processing, such as its purposes, interconnections, data types, categories of data subjects, retention periods, and the department(s) responsible for carrying out the processing. DPOs may be required by law or merely recommended. Under United States law there is generally no specific requirement that data controllers, and more specifically employers, appoint a data protection officer.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that covered employers appoint a “privacy official” who has overall responsibility for the company’s compliance with the HIPAA Privacy Rule. The HIPAA Privacy Rule sets the national standards for protecting individuals’ personal health information, such as medical records. HIPAA also requires appointing a “security official” who is responsible for implementing safeguards for protected health information in electronic form and for ensuring compliance with the HIPAA Security Rule. Note that HIPAA only applies to certain employers who offer self-insured health benefits.

UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.
