Privacy Protection and Data Breaches: HR Tip of the Month

Recently posted at the National Law Review by Trent S. Dickey , David H. Ganz, and Jill Turner Lever  of Sills Cummis & Gross P.C.  – some important things for employers in New York and New Jersey to consider about identity theft of their employees’ information as well as their customers information:  

Identity theft is a major concern for employers who are routinely entrusted with private information of employees and customers, especially in the electronic age, where improper use of such data can have widespread ramifications.  According to the Federal Trade Commission (FTC), each year as many as 9 million Americans have their identities stolen. Is your company prepared to address a data breach?

Federal law and many state laws require employers to safeguard private information.  For instance, the Fair Credit Reporting Act requires companies to take appropriate measures to dispose of sensitive information derived from consumer reports.  If a company becomes aware of a data breach, the FTC also instructs it to immediately report the breach to the local police department, the local office of the FBI, or the U.S. Secret Service, and then to provide notice to individuals whose information was compromised to allow those individuals to take steps to mitigate the misuse of their personal information.  Many state laws also require that notice be provided upon discovery of a breach.

New Jersey has enacted the Identity Theft Prevention Act (ITPA), which requires any business that lawfully collects and maintains computerized records to disclose to the New Jersey State Police and to any New Jersey customer (broadly defined to include an individual who provides personal information to a business, including employees) when that customer’s personal information was or may have been accessed by an unauthorized person.  In the case of a large scale breach, businesses are also required to report to consumer reporting agencies.  In addition, the ITPA regulates the use of social security numbers as identifiers, prohibits the display and usage of social security numbers on printed materials except where required by law, and requires the destruction of records containing personal information when no longer needed.

Similarly, the New York State Information Security Breach and Notification Act requires companies who own or license computerized data to provide prompt notification following the discovery of a breach to any New York resident whose private information was, or may have been, acquired without authorization. The New York State Social Security Number Protection Law regulates the handling of social security numbers and requires covered persons and entities to provide safeguards “necessary or appropriate” to preclude unauthorized access to social security account numbers and to protect the confidentiality of such numbers.

Employers must be prepared to continuously protect information.  Best practices dictate that employers prepare guidelines for safeguarding private information.


This Alert has been prepared by Sills Cummis & Gross P.C. for informational purposes only and does not constitute advertising or solicitation and should not be used or taken as legal advice. Those seeking legal advice should contact a member of the Firm or legal counsel licensed in their state. Transmission of this information is not intended to create, and receipt does not constitute, an attorney-client relationship. Confidential information should not be sent to Sills Cummis & Gross without first communicating directly with a member of the Firm about establishing an attorney-client relationship.    

Copyright © 2011 Sills Cummis & Gross P.C. All rights reserved.

Published by

jschaller@natlawreview.com

A group of in-house attorneys developed the National Law Review on-line edition to create an easy to use resource to capture legal trends and news as they first start to emerge. We were looking for a better way to organize, vet and easily retrieve all the updates that were being sent to us on a daily basis.In the process, we’ve become one of the highest volume business law websites in the U.S.

Today, the National Law Review’s seasoned editors screen and classify breaking news and analysis authored by recognized legal professionals and our own journalists. There is no log in to access the database and new articles are added hourly.

The National Law Review revolutionized legal publication in 1888 and this cutting-edge tradition continues today.