Print Page   |   Contact Us   |   Sign In   |   Join NPTA
Search goNPTA
News & Press: Affinity HR Group Resources

Q&A: An Employer's Obligation During a Data Breach or Hack

Tuesday, October 17, 2017   (0 Comments)
Posted by: Allison Hudson
Share |

Question

With the data breach at Equifax, and the fact that, as employers, we maintain a lot of confidential employee information – such as social security numbers, addresses, age, date of birth and dependent information – what is our obligation to keeping that information safe?

Answer

Whether your company owns, licenses or merely maintains personal information about your employee (such as name, address, date of birth, SSN, driver’s license number, bank account information, etc.), nearly every state has requirements on when and how affected individuals must be notified of a breach, and many states also require notification be made to state attorneys general, consumer protection agencies, national credit bureaus, and perhaps even the media.  Employers who suspect personal information about employees may have been compromised should immediately contact legal counsel.

It’s also important to note that if you outsource payroll and benefits to a third party such as a PEO or a company like Paychex, their obligation is to notify you, not necessarily your employees, in the event of a data breach.  In such cases, you should also contact legal counsel to assess your obligations.

 

more Events

3/11/2018 » 3/13/2018
Paper2018

Association Management Software Powered by YourMembership  ::  Legal