Which of the following is NOT true with regard to handling of PII (Personally Identifiable Information)?
a. PII collected from the employee must not be processed by the employer.
b. When PII is collected from the employee, the employee must be notified by the employer about the purpose for which it is being collected.
c. The employer must restrict collection of PII to the minimum extent possible from its employees.
d. Employee PII collected by the employer must not be retained when it is no longer required.
The correct answer and explanation are:
Correct Answer:
a. PII collected from the employee must not be processed by the employer.
Explanation:
Personally Identifiable Information (PII) refers to data that can be used to identify an individual, such as name, address, social security number, or financial details. Employers often collect PII for legitimate purposes, such as payroll, tax compliance, benefits administration, and security purposes.
Why the Statement in Option (a) Is Not True:
The statement that “PII collected from the employee must not be processed by the employer” is not true because employers must process employee PII for various lawful and operational reasons. Organizations collect and process this data under legal obligations, employment contracts, or legitimate business interests. Processing can involve storing, using, transferring, or securing the data while ensuring compliance with data protection laws (e.g., GDPR, CCPA).
Why the Other Options are True:
- (b) Employee Notification: Employers must inform employees about why their PII is being collected. Transparency is a fundamental principle under data protection regulations.
- (c) Minimum Collection Principle: Employers should limit PII collection to only what is necessary to avoid excessive or unnecessary data accumulation, reducing privacy risks.
- (d) Data Retention: Employers must not retain PII once it is no longer required for its original purpose, ensuring compliance with retention policies and minimizing security risks.
Thus, option (a) is NOT true, making it the correct answer.