Home

About Us
       Company Facts
       Staffing Services 
       Office Locator
       Internal Snelling Jobs 

Job Seekers
       Search Jobs 
       Job Placement Types
       Resource Center 
          Test Your Interview IQ
          Employee Information
          Información de empleado
       Blog
       Thrive America

Employers
       Search Candidates
       Our Qualification Process
       Professional Services
       Articles of Interest
       Blog

Blogs

Contact Us
 
 
Return to the list of Articles
Data Breach Laws

There is a new category of employment-related privacy legislation that companies must pay attention to – data breach notification laws. 

Complying with laws on sensitive employee information is not new for employers, however, many employers and HR staff have been slow to recognize data breach laws. At least twenty-two states and New York City have followed California’s lead by enacting laws requiring businesses to inform individuals of any security breach involving their personal data that is useful in ID theft and financial fraud. 
 
Some important aspects of the breach notification laws are worth noting:
 
  • The laws typically do not apply to all compromises of personal data, but only to those involving Social Security numbers, driver’s license numbers, bank and credit card numbers.
  • The laws typically do not apply at all if the covered data was encrypted.
  • The laws apply equally to improper and unauthorized exposures outside the company and those that occur internally.
Employers need to recognize that it is highly likely that a data breach will happen unless precautions are taken. The following steps should help minimize the likelihood of legal exposure from a breach.
 
  • To the extent possible, do not store data elements specified in breach notification laws. 
  • If it is necessary to store these elements, such as Social Security numbers, segregate the data from other data sets. Strictly limit access to the data, audit access to this data and transmit the data in an encrypted format.
  • Avoid using data elements in user IDs, badges or in mailings. Even the last four digits of a Social Security number should be avoided.
  • Do not store data elements any longer than needed and destroy them in a secure manner when they are no longer needed.
  • Ensure that your current policies, training and agreements address the particular risks and legal obligations involved in handling data elements.
Data breaches can happen to any organization. Prudent companies should do what they can to minimize their risks of breaches, and to prepare for them should they happen.
 

 
Return to the list of Articles
 
Login
Copyright © 2006-2009 Snelling Staffing Services | User Agreement | Site Map | Contact Us