First, the basic requirements for enterprises to collect personal information of employees
The Personal Information Protection Law stipulates that this law is applicable to all activities involving the processing of personal information of natural persons [1], so enterprises need to fully abide by the Personal Information Protection Law when collecting personal information of employees. The basic principles of the Personal Information Protection Law on personal information collection include: (1) Enterprises need to inform employees of the purpose, scope and methods of personal information collection and obtain their consent; (2) When collecting employees' personal information, enterprises need to abide by the legality, fairness and necessity, and should be limited to the minimum range to achieve the purpose of processing; (3) When an enterprise collects employees' personal sensitive information, it needs employees' separate consent, and it can only be collected for a specific purpose and with sufficient necessity; Wait a minute.
Note: [1] Article 3 of the Personal Information Protection Law
Second, various scenarios in which enterprises collect employees' personal information and the collected personal information.
For an enterprise, how many scenarios will the enterprise collect employees' personal information? For an employee, how much personal information is provided to the enterprise? If we sort it out according to the specific scenes of enterprise management employees, we will find that enterprises may collect a lot of personal information of employees.
(1) When an enterprise recruits employees, when the employees join the company.
Enterprises usually require employees to fill out a written registration form of candidate information or entrepreneurial information for candidates for job positions and new employees who have just joined the company.
Common personal information collected in the application form includes: (1) basic personal information, such as height, weight, nationality, political outlook, marital status, health status, education background, home address, contact information, ID card, etc. (2) Educational experience information, such as graduation institution, major, recommendation letter, certificate, etc. ; (3) Work experience information, such as work unit, work content, typical work items, reasons for leaving, references, etc. ; (4) Religious beliefs, personal interests, etc.
Special work in some special industries, based on the requirements of public health and safety, will further require employees to provide the infection history and cure of infectious diseases, such as (1) food production and operation industries that are in contact with directly imported food; (two) drinking water production, management and supply industry; (3) the work of directly serving customers in public places; (4) Care and education in child care institutions; (5) cosmetic surgery; (6) directly engaged in cosmetics production.
Some enterprises, for female employees, will further understand the love situation, marriage situation, fertility situation of female employees, and even the birth plan of one child, two children and three children [2].
Note: [2] The Beijing News reported on June 4, 2002/KLOC-0 that the interview list of a domestic trendy cultural and entertainment company directly asked whether there was any family planning in the near future, and it was only for women:
/detail/ 1622794054 1436 1 . html
(2) When the enterprise performs the obligations stipulated in the labor contract and labor law.
Based on the relevant obligations stipulated in the labor contract and labor law, enterprises will also collect information such as employees' personal bank accounts and social security accounts when paying employees five insurances and one gold and paying wages.
In addition, when employees ask for sick leave, marriage leave and maternity leave from the enterprise, the enterprise will also collect medical records, diagnosis reports, marriage certificates, birth medical certificates and other materials from employees to confirm the fact that employees are sick, married and have children. In this case, it is possible for the enterprise to collect personal information of employees and their families, such as the employee's illness, the time of getting the marriage certificate, the baby's date of birth, name, ID number, health status, place of birth, etc.
Note: [3] (2020) CaseNo. 10935, Hu 0 1, which records that during the process of employees applying for maternity leave from the enterprise, the enterprise requested to provide marriage certificate and birth medical certificate. In this case, the court held that it was within the reasonable scope of enterprise employment management and did not involve infringement of employees' privacy rights.
(3) When an enterprise provides special employee benefits,
Some enterprises will further provide personalized employee benefits, including commercial insurance for employees and their families, employee travel, employee physical examination, housing subsidies, car subsidies and so on. In this case, employees enjoy the benefits of the enterprise and further provide additional personal information to the enterprise.
1. Commercial insurance for employees and their families
The commercial insurance provided by enterprises for employees and their families will cover life insurance, medical insurance, accident insurance, critical illness insurance, etc. When an insurance company insures such group commercial insurance for an enterprise, it will need the enterprise to further provide detailed and complete personal sensitive information such as disease information, past medical history, rehabilitation status and health status of employees and their families, so as to further evaluate the insurance plans and premiums that employees and their families can participate in. In this information collection process, enterprises often collect personal sensitive information from employees first, and then hand it over to insurance companies, instead of being directly collected from employees by insurance companies.
Similarly, enterprises will also buy corresponding travel insurance and accident insurance for employees during group construction and tourism, which may also involve the above-mentioned personal sensitive information.
2. Employee housing and car subsidies
Different from the common reimbursement of accommodation and transportation for business trips, enterprises may give employees additional housing subsidies and car subsidies. At this time, the enterprise will collect lease contracts, fuel bills, tickets and other materials from employees to verify the facts of employees' housing and transportation. At this point, the enterprise actually collected the specific residence information of employees, travel time recorded on the bill, payment information and so on.
(four) when the enterprise has special management requirements.
According to the enterprise management scenarios we have learned, employees provide personal information to the enterprise in the following scenarios:
1. Use portrait photos of employees in company publicity.
Enterprises often need to use employee portraits and related introductions in promotional videos and brochures to promote the company. In this case, it not only involves the enterprise collecting its portrait photos from employees, but also involves the use of employees' portrait rights.
2. Enterprise attendance and punching in
Enterprises will use paper punched cards, magnetic punched cards, etc. And many companies will use fingerprints and face punching. Some enterprises also require employees to scan their faces or fingerprints to count the number of people eating when providing meals to their employees. In this case, what the enterprise collects is the employee's face information and fingerprint information, which belongs to the employee's personal sensitive information.
3. Collect employees' personal information through electronic devices.
Based on the needs of enterprise management, enterprises can also set up relevant monitoring software when providing employees with work computers and work mobile phones. Enterprises can know the switching time of employees' computers and mobile phones, website browsing, and even the duration of software use through the software. Or, some enterprises will monitor the use of employees' mobile phone traffic through WiFi monitoring, and monitor whether employees are "fishing" at work [4].
Some software companies have also developed remote punch-in function based on the needs of customer enterprises for employee management. When employees visit customers, go on business trips or go out in other places, enterprises can require employees to punch in at designated time and designated foreign places to understand the actual situation when employees are away.
When enterprises collect employees' personal information through electronic devices, they actually get a variety of personal information and rights of employees, such as location information, hardware camera right, hardware storage right, hardware equipment information and so on.
4. Collect personal information of employees under the background of COVID-19 epidemic.
Due to the recent widespread spread of COVID-19 epidemic, enterprises will inevitably collect personal information of employees when implementing corresponding epidemic prevention measures. For example, the temperature information of employees when they take temperature measurements at work, the closed residence information of employees when they are on vacation, the infection situation and rehabilitation information of employees when they are infected with the epidemic.