Privacy Policy

Employee Privacy Policy

Overview

At Project Hope Foundation (PHF), we are committed to respecting and protecting the privacy and confidentiality of our employees in compliance with federal and South Carolina state laws. This Employee Privacy Policy outlines how PHF collects, uses, discloses, and protects employee personal information while ensuring a safe, secure, and legally compliant workplace.

Scope

This policy applies to all employees, job applicants, contractors, interns, and volunteers who work for PHF, use PHF systems or equipment, or are present on PHF premises.

Policy Statement

PHF’s Employee Privacy Policy is designed to balance operational needs with employees’ expectations of privacy. We safeguard personal and sensitive information, comply with legal mandates, and operate transparent and secure data-handling practices.

1. Personal Information Collection and Use:

PHF collects personal information for legitimate business purposes, including recruitment, onboarding, HR management, payroll, scheduling, training, compliance, safety, and operations.
Categories of data may include identification details, employment records, credentials, timekeeping, access logs, background checks, and medical/work restriction data.
PHF adheres to the principle of data minimization, collecting and retaining only the personal information necessary to fulfill the identified business, legal, or regulatory purpose. Unnecessary or outdated personal data is securely deleted or anonymized as appropriate.
PHF maintains internal data governance practices that assign accountability for data accuracy, security, and lifecycle management. Regular audits and access reviews are conducted to ensure compliance with applicable privacy standards.

2. Health and Medical Information:

PHF complies with the Americans with Disabilities Act (ADA), Genetic Information Nondiscrimination Act (GINA), and the Pregnant Workers Fairness Act (PWFA) in collecting and storing medical information. Employee medical data is stored in separate, confidential medical files with access limited to authorized personnel.
PHF’s group health plan and business associates are subject to HIPAA regulations; routine HR files are not HIPAA-covered.

3. Electronic Communications and Monitoring:

PHF systems, including email, internet, and devices, are PHF property and may be monitored for legitimate business purposes (security, operations, compliance).
Monitoring is not used to interfere with employee rights under the National Labor Relations Act (NLRA).
PHF does not access employees’ personal email or social media accounts without lawful cause or consent.
Employees should have no expectation of privacy on PHF systems or issued devices.
If employees use personal devices to access PHF systems or conduct PHF business, they are expected to follow applicable security and data protection protocols. PHF does not monitor personal devices, but reserves the right to require deletion of PHF-related content upon separation or when required to protect sensitive data. Employees should avoid storing PHF data in unapproved applications or personal cloud storage.

4. Video Surveillance and Recording:

Surveillance cameras are used in public or shared work areas for security. Cameras are not placed in private areas such as restrooms or changing rooms.
Audio recording is used only when lawful and with required consent.

5. Social Security Numbers:

PHF limits SSN use to legally required purposes (e.g., tax, benefits).
SSNs are not transmitted over unencrypted channels or used as login credentials without additional security.
Physical and electronic records containing SSNs are securely stored and disposed of per South Carolina Code § 1-11-490.

6. Searches and Investigations:

PHF may inspect PHF property, facilities, or issued devices.
Consent may be requested to inspect personal belongings on PHF premises when justified by safety or policy concerns. Physical searches of a person are not conducted.
Vehicle inspections require consent or legal authority. Refusal may result in removal from the premises or corrective action.

7. Photographs, Videos, and Employee Likeness:

PHF will obtain written consent before using employee photos, video, or voice in external marketing or public-facing materials. Declining consent will not affect employment.
Internal uses (e.g., training, evaluation, safety footage) may occur as needed, with access limited to relevant personnel.
Research-related uses require applicable ethics approvals.

8. Media Inquiries

All external media inquiries must be directed to PHF’s designated media representative.
Employees are not authorized to speak on behalf of PHF unless explicitly permitted.

9. Background Checks and Consumer Reports

PHF conducts background checks for employment or engagement, in compliance with the Fair Credit Reporting Act (FCRA) and applicable state law.
Checks may include SLED criminal history, DSS Central Registry, and sex offender databases. For certain programs, fingerprint-based FBI checks are conducted.
PHF provides a standalone disclosure and obtains written authorization before obtaining and consumer report.
If adverse action is considered based on a report, employees will receive a pre-adverse action notice, report copy, and FCRA Summary of Rights.
Records are retained as required by the EEOC and state licensing laws and disposed of securely.

10. Program-Specific Screening (South Carolina)

ASD Medicaid Programs: Criminal background and DSS registry checks are conducted at hire and annually. Sex offender registry checks are also required. Fingerprints are not mandated unless otherwise required.

11. Retention and Disposal:

PHF retains personnel and medical records per federal and state requirements and longer when needed for contracts, audits, or legal holds.
Retention periods vary by record type and applicable law. For example, general personnel files are retained for at least three years after separation, payroll and wage records for three years, and medical accommodation files for three years following the end of employment or the accommodation period. Specific retention schedules are available from Human Resources.
Records are securely destroyed once no longer required.

12. Training and Awareness

PHF provides training to personnel who handle personal, medical, or background check data, and to those involved in accommodations, leave administration, investigations, and surveillance.

13. Violations and Reporting

Suspected privacy or data security violations must be reported to Human Resources or the designated privacy contact.
PHF investigates reports and takes corrective action where appropriate.
Retaliation against any individual who raises a good-faith concern or participates in aninvestigation is strictly prohibited.

14. Employee Rights and Requests

Employees may request access to or request corrections to their personal data.
When a consumer report is used for employment purposes, employees will receive appropriate notices and have dispute rights under the Fair Credit Reporting Act.

15. Notification of Policy Changes

PHF will provide advance notice of material changes via posting and email.
The current version of this policy is available from Human Resources.

Responsible Party

The Human Resources department of PHF is responsible for implementing, enforcing, and periodically reviewing this policy. For inquiries or further clarification regarding the Confidentiality Policy, employees may contact Human Resources at humanresources@projecthopesc.org or speak with the Human Resources Manager.