Overview: One component of a risk management plan is protection of data. Every employer manages sensitive employer data. Whether it is client lists, future plans or other trade secrets makes little difference: employers should do everything in their power to protect this information from theft.
Data could be stolen from an inside source (such as an employee) or an outside source (such as a hacker). Employers should do their utmost to protect against both scenarios. From an HR perspective, there are employee concerns from both angles. The first, more obviously, relates to any data that the employer wants to protect from the employee - e.g., trade secrets. The second relates to data stolen that contains employee information.
HR, along with IT and any other relevant work group, need to create security guards that will both stop employees from stealing data and stop any unauthorized person from accessing employee information. Policies and employment agreements might help with some employee-related theft, whereas stronger password protections and spamming technology, along with greater employee education, are some ways to begin with the latter.
Trends: Bring your own device (BYOD) policies are growing and more and more employers are having employees bring in their own laptops, etc., in place of supplying employees with these devices. While there are many benefits to this type of service, there are also some security pitfalls regarding theft of data as the computers are often less secure, and it is harder to remove the data from the computer at the end of employment.
Author: Ashley Shaw, JD, Legal Editor
Yesterday the US House of Representatives voted unanimously (410-2) to pass a bill - the Defend Trade Secrets Act (DTSA) of 2016 - that would standardize and strengthen businesses' current legal remedies and protections against trade secret theft. The DTSA was overwhelmingly passed by the Senate earlier this month. President Barack Obama is in favor of the measure and is expected to sign it into law.
HR and payroll professionals are falling prey to a current phishing scheme that lures them to respond to emails purportedly sent by company executives requesting private employee information, the IRS warned today. The scam tricks those in HR and payroll into emailing private employee data, such as Forms W-2 containing employees' Social Security Numbers (SSNs) and other personally identifiable information to cybercriminals.
HR guidance on safeguarding employer sensitive data against theft.