States mandate protection of employee data
July 14, 2008 by Sam Narisi
Posted in: In this week's e-newsletter, Latest News & Views, Security and law
It’s a new trend in state law: mandatory data protection policies.
Connecticut has just passed such a law, becoming the second state (after Michigan) to do so.
What does the new rule require? All employers must:
- create and post a policy regarding social security numbers (the law doesn’t say what the policy needs to contain, just that it must keep social security data confidential and limit access to employees’ SSNs)
- safeguard against the misuse of “personal information” by third parties, and
- destroy personal info once it’s no longer needed and properly erase and dispose of electronic storage media that the company gets rid of.
Companies can be fined up to $5,000 for intentional violations; those that break the law unintentionally seem to be off the hook.
We’ll keep you posted as more states consider similar bills.

July 15th, 2008 at 2:35 pm
It is my understanding that the State of California has had such a law or one similar on its books for a while. Fines around $1,000 for each incident of employee information found negligently disposed of.