Update on Privacy and Security Laws Aimed at Protecting Employee Data

With the rapid growth of data privacy and security laws — aimed at protecting employee data — it is critical, now more than ever, for employers to be aware of and comply with these laws. First, it is good for business to keep this data secure, and second, these laws carry a private right of action and civil penalties of as much as $500,000 in some states. There is much more to be learned about this in an article we came across from Law.com. We highly recommend you check it out. It is vital for employers to protect this data, and they should know — from a legal standpoint — what the risks are and how to protect themselves, and more importantly, protect their employees’ data.

Speaking of more detail about new state legislation aimed at protecting user and employee data, the National Journal published an article about laws recently enacted in Connecticut, Massachusetts and Nevada that require businesses to institute certain compliance measures to secure personal information that can be used to perpetrate identity theft. Check out that article here.

And, finally, Rhode Island Attorney General Patrick C. Lynch is going after “Dumpster divers” with proposed legislation that requires businesses and government agencies to destroy personal records and other information on customers rather than simply discard the documents in the trash. The proposed legislation was sparked by the recent settlement in which CVS-Caremark had to pay $2.25 million to resolve allegations that it violated the Health Insurance Portability Act by improperly disposing of confidential medical and financial information.

It goes without saying that any legislation that further protects employee and customer data is a good thing. One thing we would like to hear from our readers about is whether these laws are effective enough. Is this a start in the right direction? Or do we need more legislation?

1 Comment

ITACadmin, March 12th, 2009 at 12:37 pm

Comment from Linked-In:

“It is shameful that it becomes necessary to have laws to mandate what should have been common sense. Anyone who works with the storage and management of personally identifiable information ought to respect the confidentiality of that information. It should only be viewed by people who have a need to know the data, and only within the context of their work. A shredder should be used for paper records when we are done using them, and the shredded papers should not go into the same disposal (a computer program can reassemble shredded info). Offices associated with the access and storage of this data should be secured locations, where the place is locked up when relevant employees are not present, and the window is not easily accessible from the outside. Computer security should be subject to appropriate certification. When the enterprise has to have someone sign an agreement to keep some data confidential, such as medical claims against employee health care insurance, this commitment needs to be in some kind of corporate manual provided to all employees working with the security of the data. This way, we avoid some new employee on staff in HR or IT or another dept who is ignorant of the corporate responsibilities. There also needs to be a similar pledge through relevant vendors. If the enterprise needs some outside software firm working on computers that store confidential records, then that outside firm’s staff also need to share the same commitment to the security of those records. This is all common sense, or should be, to everyone working in HR, IT and management. The shame of it is that so many companies have not adhered to such common sense that we need laws to mandate such behavior.”

Admin