Overview: One component of a risk management plan is protection of data. Every employer manages sensitive employer data. Whether it is client lists, future plans or other trade secrets makes little difference: employers should do everything in their power to protect this information from theft.
Data could be stolen from an inside source (such as an employee) or an outside source (such as a hacker). Employers should do their utmost to protect against both scenarios. From an HR perspective, there are employee concerns from both angles. The first relates to any data that the employer wants to protect from the employee, e.g., trade secrets. The second relates to stolen data that contains employee information.
HR, IT and any other relevant work group need to implement security measures that will both stop employees from stealing data and stop any unauthorized person from accessing employee information. Policies and employment agreements might help with some employee-related theft, whereas stronger password protections and anti-spam technology, along with greater employee education, are some ways to begin addressing the latter.
Trends: States have taken steps to protect individuals' personal information. For example, some states have passed laws protecting employees' Social Security numbers. Many states have passed or amended data breach notification laws requiring employers to notify affected individuals in the event of a data breach; however, some laws make exceptions if an employer has taken steps to encrypt the data so it is unreadable or indecipherable to an unauthorized person.
Author: Melissa Gonzalez Boyce, JD, Legal Editor
Updated to include retaliation protections under the state's pregnancy accommodations law, effective August 10, 2016.
Updated policy and guidance to reflect the Defend Trade Secrets Act, effective May 11, 2016. See Defend Trade Secrets Act.
As a result of the recently enacted Defend Trade Secrets Act, the Confidential Company Information handbook statement and the Reporting and Anti-Retaliation Policy handbook statement have been updated.
A divided 9th Circuit Court of Appeals has upheld the criminal conviction of a man who accessed his former employer's database to gain proprietary information by using a former co-worker's username and password.
Updated to reflect discipline concerns under the Workplace Privacy Act, effective July 20, 2016.
XpertHR offers many tools and resources to help an employer understand its rights and obligations under the Defend Trade Secrets Act.
Updated to include retaliation protections in the forthcoming state right to request law.
Updated to include whistleblower immunity notice under the federal Defend Trade Secrets Act, effective May 11, 2016.
Amendments to the Illinois Personal Information Protection Act (PIPA) broaden existing categories of protected information and also expand notice requirements in the event of a security breach.
HR guidance on safeguarding employer sensitive data against theft.