The facts:

An employee was involved in a class action suit against the company involving a pay discrimination claim. The attorney representing the plaintiffs asked the employee to send any and all documents related to the case so they could be submitted as evidence. For some unexplained reason, the docs the employee sent included confidential information about the company’s customers. When the company found out, it fired her for violating its privacy policy. She sued for retaliation, claiming she was fired because of her involvement in the equal pay suit.

The employer said:

The termination wasn’t retaliatory. The documents she turned over had nothing to do with the lawsuit, and by releasing them, she posed a threat to the customers’ privacy.

Who won the case?

Answer: The employer.

Why: The court ruled that just because she was participating in a lawsuit while she turned over the documents didn’t mean she was protected from discipline when breaking the company’s privacy policy.

Since releasing them was completely unnecessary and unrelated to the lawsuit, firing her for doing it couldn’t have been considered illegal retaliation,

Cite: Niswander v. Cincinnati Insurance Co.

Connecticut has just passed such a law, becoming the second state (after Michigan) to do so.

What does the new rule require? All employers must:

• create and post policy regarding social security numbers (the law doesn’t say what the policy needs to contain — just that it must keep social security data confidential and limit access to employees’ SSNs)
• safeguard against the misuse of “personal information” by third parties, and
• destroy personal info once it’s no longer needed and properly erase and dispose of electronic storage media that the company gets rid of.

Companies can be fined up to $5,000 dollars for intentional violations — those that they break the law unintentionally seem to be off the hook.

We’ll keep you posted as more states consider similar bills.

The FBI has just released a warning about a new e-mail scam going around. Apparently, folks are asking for donations to help victims of the recent earthquake in China — and using the info they get to carry out identity thefts.

To stay safe from this and other scams, the FBI recommends:

• Never respond to unsolicited e-mail.
• Be skeptical of any organization that communicates via unsolicited e-mail.
• Make donations directly to recognized organizations.
• Don’t provide personal or financial information to anyone asking for donations — they probably don’t need it.

What pieces of paper is causing a lot trouble? Answer: undeliverable W-2s.

IRS regs require companies to keep undeliverable W-2s for four years. That means after a few years, the documents quickly pile up — often in boxes — and it can be hard to keep all that paper secure.

One solution many companies are turning to: scanning the docs into electronic files and shredding the originals.

That puts all the forms in once place without taking up any physical space, and makes it easier to keep them secure.

What’s the latest method fraudsters have for extracting victims’ personal information?

Pretending to be the IRS.

A rash of phony e-mails have been appearing lately that claim to be from the tax agency. Typically they ask the recipients for Social Security numbers or bank account info, saying they need it to properly process refund checks.

Other scams tell readers they’re being investigate for tax fraud and ask them to click a link for more information — but doing so installs a virus on the victim’s computer.

The government warns people to be suspicious of all e-mails claiming to be from the IRS, because

1. the agency doesn’t typically commuting through unsolicited e-mails, and
2. they wouldn’t ask taxpayers for secret, personal information.

The IRS asks that phony e-mails be forwarded to phishing@irs.gov