Workplace Privacy Laws in India

With globalization and digitization, most of the jobs involve the use of computers and laptops. Mobile phones have become an essential part of everyday life. Employers and employees stay connected in social media also.  In fact, social media has a large role to play in the success of the business itself. Privacy is a very sensitive issue in the workplace. Employers should not misuse the employee’s personal data. Here we’ll discuss some aspects of workplace privacy.

What are the key aspects of workplace privacy? 

  • Surveillance & Monitoring
  • Data leakage (E.g. Contact details, Blood group, Medical history, Personal information, etc.)
  • Misuse of communication
  • Employee data privacy
  • Sexual harassment

Do we have a right to privacy in India?

Our Constitution does not provide for an explicit right to privacy. The Supreme Court has recognized the right to privacy as a fundamental right as part of the fundamental right to life and personal liberty.

Despite this recognition, privacy is not an absolute right. It may be lawfully restricted for the prevention of crime, public disorder or protection of health or for the protection of other’s rights and freedoms.

We do not have a separate law for the protection of privacy either. There were many bills relating to privacy and data protection, but none became laws.

Does any law provide for data protection and privacy?

Yes! Thankfully, the Information Technology Act, 2000 (IT Act) is the only law which at least attempted to address the issue of data protection. Section 43A provides for the protection of sensitive personal data or information (SPDI) and Section 72A protects personal information from unlawful disclosure in breach of contract.

The government has introduced the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, which set out the compliances which need to be observed by an entity which collects or stores or otherwise deals with SPDI (such as passwords, financial information, health conditions, sexual orientation, medical records and biometric records)

What are the compliances in relation to SPDI?

Employers collect SPDI of their employees for various reasons. It may be for selection processes, record retention purposes, employee evaluations or other legitimate business purposes. The employers need to be aware of SPDI Compliances and related liabilities. The IT Act sets out various parameters and compliances for an employer while dealing with employee SPDI.

  • SPDI should only be collected where there is a need to collect such information for lawful and necessary purposes.
  • Specific written consent (including via electronic modes) should be taken from the employees prior to collection of the SPDI. The employees should be made aware of the requirement to collect the information, the specific items of SPDI being collected, the intended recipients of the SPDI and whether the SPDI would be onward transferred. There should also be an opt-out option available to the employees.
  • Employers should have a well-documented privacy policy as per the requirements of the IT Act which should also be available on the employer’s website.
  • The employees should have access to the information and be allowed to revise and correct deficiencies in the information.
  • Body corporates are allowed to retain sensitive personal information only as long as is lawfully necessary.
  • Before disclosure of SPDI, consent from the individual concerned is necessary.
  • The employer should maintain ‘reasonable security practices and procedures’ to protect the SPDI.

Failure or Negligence of the employer to implement and maintain ‘reasonable security practices and procedures’ may lead to wrongful gains/ wrongful losses to the employee. In that case, the employer is liable to pay compensation to the employee.

Can employer install cameras in the workplace to discourage employee misconduct?

Yes. Not only the employees, but the employers also have data to protect. To protect employees from leaking important data, intellectual property violations, and other misuses of communications, the employers can install cameras in the workplace. It also discourages employee misconduct.

For example, if an employee downloads pornographic material on an office laptop and circulates such content to other employees, it amounts to sexual harassment. To prevent this kind of actions, the employer may install cameras and monitor employee behavior. It also helps in checking whether the employees are working or whiling away their time.

The employer should also ensure that they do not install cameras in areas like bathrooms or changing areas where there is an expectation of privacy.

What are the rules for handling employee medical records?

Medical records and history also form part of SPDI. So the rules for SPDI apply for handling employee medical records.

Can employer monitor his workers’ phone calls to make sure they are properly serving his customers?

Monitoring & surveillance are allowed for the employers. For protection of business interests and ensuring discipline in the workplace, employers can monitor their employees. But the employees do have privacy for their personal life. If the employer wants to monitor his worker’s phone calls, then it has to be on a work phone. The employer should not monitor the worker’s personal phone or the employees’ personal calls on a work phone.

Can employer read employees’ email messages?

This is the same as monitoring phone calls. The employer can only read the employees’ email messages related to the business and not personal emails. In such cases, the employer can provide work laptops/ computers to the employees so that monitoring will not result in an invasion of privacy. Employees also should restrain using the work devices for personal use. But even if they do send personal emails from a work device, the employer should restrain from reading those email messages.

Can employer fire a worker whose personal beliefs clash with mine?

No. Our Constitution prohibits discrimination on grounds of religion, race, caste, sex or place of birth. For example, if the employer fires an employee solely because his religious views are different from the employer’s religious views, the employer can file a suit against the employer.

Can employer randomly search his employees as they leave the workplace to minimize theft?

It is not advisable to randomly search the employees while they leave the workplace. A regular search of all the employees while they leave the workplace is permissible for protection of business property. The search should be conducted only for reasonable causes. Even that search should be confined to the employees’ bags and not the body. Searching the employees’ body would be exceeding the limits and invade privacy.

There are several bills relating to privacy in the Parliament yet to become laws. Our Government should enact a law relating to employment privacy soon due to its increasing importance. But is always best to separate your personal life from your work life. Avoid using work devices for personal use. Always read the privacy policy of the employment with care.

Did you like this article?

Let us know what do you think by commenting below. Don’t forget to share it with your friends!
You can also like us on Facebook and follow us on Twitter to stay updated!

If you need any legal help, please visit us at

Leave a reply:

Your email address will not be published.

Sliding Sidebar