Why a separate employee privacy policy
Employees are not regular data subjects. The employer-employee relationship has built-in power imbalance — an employee cannot really refuse data processing without risking their job. The Israeli Labor Court ruled, time and again, that consent in an employment relationship is suspect, and that the employer must justify every data collection on independent legal basis — not consent alone. Therefore the website privacy policy is not enough. The organization needs a separate employee privacy policy, that addresses the specifics of the employment relationship: what is collected pre-hire, what is collected during employment, what is the scope of monitoring, what is BYOD, what happens at end of employment. This is a document every employee must sign at hire, and every change requires explicit re-signature.