States mandate protection of employee data

It’s a new trend in state law: mandatory data protection policies.

Connecticut has just passed such a law, becoming the second state (after Michigan) to do so.

What does the new rule require? All employers must:

  • create and post a policy regarding social security numbers (the law doesn’t say what the policy needs to contain — just that it must keep social security data confidential and limit access to employees’ SSNs)
  • safeguard against the misuse of “personal information” by third parties, and
  • destroy personal info once it’s no longer needed and properly erase and dispose of electronic storage media that the company gets rid of.

Companies can be fined up to $5,000 for intentional violations — those that break the law unintentionally seem to be off the hook.

We’ll keep you posted as more states consider similar bills.

Comments

One Comment on States mandate protection of employee data

  1. C Keag on Tue, 15th Jul 2008 2:35 pm

     It is my understanding that the State of California has had such a law or one similar on its books for a while. Fines around $1,000 for each incident of employee information found negligently disposed of.