V. 33 SYMPOSIUM (TECHNOLOGY IN THE WORKPLACE) – RECAP OF PANEL NO. 3

By Briana Longo

The Spring 2016 Hofstra Labor & Employment Law Journal annual symposium focused on technology in the workplace. The three different panels, as well as the keynote speaker, spoke on the growing use of technology in various areas of employment, and how smart phones and social media in particular pose problems for both the employee and employer. The third panel, made up of three highly respected and knowledgeable attorneys, discussed cyber security and electronic employment records.  Ms. Melissa Krasnow, Ms. Jessica C. Moller, and Mr. Steven C. Sheinberg explained the importance of protecting valuable information in the off chance there is a cyber breach, and what employers, and employees, should do if it happens.[1]

With the growth of technology, cyber crimes have become more common, so concerns about security of personal information have also become prevalent. Most cyber breaches originate from within the company.[2]  Employees are mere negligence are the leading cause of security leaks.[3]  Employers, and some employees, are privy to confidential employee information, and are at risk for unauthorized access and disclosure of this information.[4]  Computer servers hold massive amounts of personal employee information, that if exposed, could be detrimental to the lives of employees.  Servers hold various employees information including: bank account information, social security numbers, and e-mail information.[5]   In the event of a breach, a problem arises for the employer because an employer has an obligation to its employees to maintain the best practices to secure employee information, and help those that are affected.[6]

What can employers do to protect employee’s private information?

Employers must have knowledge of and access to information and otherwise confidential data regarding their employees, but must also protect the confidentiality of such data.[7]

In New York, employers are prohibited from publically displaying, printing, or communicating an employees social security number, and cannot require the disclosure of the social security number.[8]  Additionally, employers must take reasonable measures to ensure that no other employee has access to the information.[9]  New York also prohibits employers from requiring fingerprinting as a condition of employment, but allow biometric scanners if it is being used to record time.[10]  However, if the biometric scanner traces any sort of fingerprint, under New York law, it is illegal.[11]

Additionally, various federal statutes, such as HIPAA and FMLA, place limits on an employer’s ability to obtain medical information about their employees, unless part of employment records, such as doctor’s notes submitted to excuse absences from work.[12]

What can be done in the event of a cyber breach, and to help those affected?

In the event of any breach, Melissa Krasnow recommends to call the United States Secret Service and let them know what has occurred.[13]  While there is no federal law combatting cyber breaches, forty-seven states have breach notification laws.[14]  The state laws are constantly being updated to protect more and more.[15]

The laws continue to be amended to “(1) provide for notification of a state attorney general or regulator about a breach in addition to affected individuals, (2) cover breaches involving personal information in both electronic and paper formats, and (3) address identity theft prevention and mitigation services.”[16]   Specific breach notification laws vary, from requiring notification to the state attorneys general where the breach affects more than 250 individuals or 250 residents, to 500 residents. [17] However, in New York, the law requires notification of a breach to a state attorney regardless of the number of affected individuals.[18]  Additionally, in the event of a breach involving personal information in electronic and paper format, eight states, that does not include New York, have laws requiring notification to an attorney general in addition to notifying the affected individual.[19]  Lastly, Connecticut requires there be identity theft prevention, and, if applicable, identify theft mitigation services to each resident who was breached, and Rhode Island requires there be credit monitoring available for its affected residents, but New York does not have any law that requires any theft prevention or mitigation services.[20]

To protect your data from suffering a cyber breach, the panel recommends to:

  • gather all protected information;
  • encrypt all data;
  • segregate different data on separate networks;
  • give out private information out strictly on a need to know basis;
  • monitor network traffic;
  • update software;
  • and have a good cyber security insurance policy. [21]

 

[1] Melissa Krasnow is a partner at Dorsey & Whitney LLP. Jessica C. Moller is a member of Bond, Schoeneck & King PLLC. Steven C. Sheinberg is the General Counsel and Senior Vice President of Privacy and Security at the Anti-Defamation League.

[2] Steve Sheinberg, Compromised by Insiders, Workplace Tech Law Blog (Apr. 15, 2015) https://workplacetechlaw.com/2015/04/13/compromised-by-insiders/.

[3] Id.

[4] Jessica C. Moller, Member, Bond Schoeneck & King, Speaker at Hofstra Labor & Employment Law Journal Symposium: Technology in the Workplace (Apr. 15, 2016).

[5] Steven C. Sheinberg, General Counsel and Senior Vice President of Privacy and Security at the Anti-Defamation League, Speaker at Hofstra Labor & Employment Law Journal Symposium: Technology in the Workplace (Apr. 15, 2016).

[6] Id.

[7] Jessica C. Moller, Member, Bond Schoeneck & King, Speaker at Hofstra Labor & Employment Law Journal Symposium: Technology in the Workplace (Apr. 15, 2016).

[8] New York Labor Law § 203-d

[9] Id.

[10] Id.

[11] Id.

[12] Jessica C. Moller, Member, Bond Schoeneck & King, PLLC, Speaker at Hofstra Labor & Employment Law Journal Symposium: Technology in the Workplace (Apr. 15, 2016). See also 42 U.S.C. §300gg; 42 U.S.C. § 1320d; 29 U.S.C. § 1181.

[13] Melissa J. Krasnow, Partner, Dorsey & Whitney, LLP, Speaker at Hofstra Labor & Employment Law Journal Symposium: Technology in the Workplace (Apr. 15, 2016).

[14] Id.

[15] Id.

[16] Melissa J. Krasnow, State Breach Notification Laws Continue to Change, IRMI (June 2015).

[17] Id.

[18] Id.

[19] Id.

[20] Id.

[21] Steven C. Sheinberg, General Counsel and Senior Vice President of Privacy and Security at the Anti-Defamation League, Speaker at Hofstra Labor & Employment Law Journal Symposium: Technology in the Workplace (Apr. 15, 2016).

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: