Overview: One component of a risk management plan is protection of data. Every employer manages sensitive employer data. Whether it is client lists, future plans or other trade secrets makes little difference: employers should do everything in their power to protect this information from theft.
Data could be stolen from an inside source (such as an employee) or an outside source (such as a hacker). Employers should do their utmost to protect against both scenarios. From an HR perspective, there are employee concerns from both angles. The first, more obviously, relates to any data that the employer wants to protect from the employee - e.g., trade secrets. The second relates to data stolen that contains employee information.
HR, along with IT and any other relevant work group, need to create security guards that will both stop employees from stealing data and stop any unauthorized person from accessing employee information. Policies and employment agreements might help with some employee-related theft, whereas stronger password protections and spamming technology, along with greater employee education, are some ways to begin with the latter.
Trends: Bring your own device (BYOD) policies are growing and more and more employers are having employees bring in their own laptops, etc., in place of supplying employees with these devices. While there are many benefits to this type of service, there are also some security pitfalls regarding theft of data as the computers are often less secure, and it is harder to remove the data from the computer at the end of employment.
Author: Ashley Shaw, JD, Legal Editor
To help combat the growing problem of identity theft in the US, the IRS has issued guidance on the taxability of identity protection services provided by an employer at no cost to employees whose personal information may have been compromised in a data breach. The IRS is also requesting comments from employers on other related issues.
In-depth review of the spectrum of Arkansas employment law requirements HR must follow with respect to employee discipline.
Major, recent breaches at the Office of Personnel Management (OPM) and UCLA Health serve as examples of why an employer should ensure to the best of its ability that it has taken adequate security measures to protect its customers' and employees' personal information.
In-depth review of the spectrum of Colorado employment law requirements HR must follow with respect to employee discipline.
California employers seeking to ensure that employees know that they should not improperly use or disclose certain confidential information and the potential ramifications of doing so should consider including this model policy statement in their handbook.
Anthem Inc., the second largest health insurance company in the nation, was recently breached by hackers who gained access to the unencrypted personal information of nearly 80 million members and nonmembers, including the company's president/CEO and employees.
In-depth review of the spectrum of New Hampshire employment law requirements HR must follow with respect to employee discipline.
Employers seeking to ensure that employees know that they should not improperly use or disclose certain confidential information and the potential ramifications of doing so should consider including this model policy statement in their handbook.
Employers seeking to notify employees of employer monitoring, measures to protect employee privacy and the strict prohibition against unauthorized or improper use of video surveillance footage should consider including this model policy statement in their handbook.
HR guidance on safeguarding employer sensitive data against theft.