AN EXPLORATORY REVIEW ON DATA PRIVACY IN HRM: REVIEW LESSONS FROM SOUTH AFRICA
DOI:
https://doi.org/10.18623/rvd.v23.6089
Keywords:
Data Privacy, POPIA, Human Resource Management, Employee Data, Workplace Monitoring, Talent Analytics, South Africa, Data Governance, Protection of Personal Information Act, Digital HRM
Abstract
Data privacy in human resource management (HRM) has become a critical governance concern in the digital era, as organisations increasingly collect and process large volumes of employee and applicant data through advanced technologies such as HR information systems, artificial intelligence, and workplace monitoring tools. This exploratory review examines the conceptual, legal, ethical, and practical aspects of data privacy in HRM, with a specific focus on South Africa and the implications of the Protection of Personal Information Act 4 of 2013 (POPIA). Drawing on 52 peer-reviewed sources published between 2020 and 2025, the study identifies six key themes, including data privacy theory, legal frameworks, employee data practices, recruitment challenges, workplace surveillance, and organisational governance. The findings reveal notable gaps between POPIA requirements and actual HR practices in both public and private sectors. Key issues include weak lawful processing practices, limited enforcement of employee data rights, tensions between surveillance and privacy, and uneven data governance maturity. The review concludes by offering practical recommendations to support HR professionals, legal experts, and policymakers in strengthening ethical, compliant, and effective data privacy practices within South African organisations.
License
I (we) submit this article, which is original and unpublished, of my (our) own authorship, to the evaluation of the Veredas do Direito Journal, and agree that the related copyrights will become exclusive property of the Journal, being prohibited any partial or total copy in any other part or other printed or online communication vehicle dissociated from the Veredas do Direito Journal, without the necessary and prior authorization that should be requested in writing to the Editor in Chief. I (we) also declare that there is no conflict of interest between the article's theme, the author(s) and enterprises, institutions or individuals.
I (we) recognize that the Veredas do Direito Journal is licensed under a CREATIVE COMMONS LICENSE.
Creative Commons Attribution 3.0 License


