legally compliant

Data Breaches: An Employer’s Duty to Protect Employees’ Personal Information

By Aaron Wais

It is tax season, which means that criminals are busy trying to steal people’s tax information (e.g., names, addresses, social security numbers, income information), which they can use to file fraudulent tax returns and steal tax refunds.

As an employer, you likely maintain your employees’ tax information and, thus, are a target.  Indeed, criminals regularly target employers and hack their databases or pose as company executives and send a phishing email asking for all employees’ W-2s for accounting purposes.

As such, it is important to understand your duty to protect your employees’ personal information, as well as potential liability for failing to do so.  Most states, including California, make clear that employers have a legal duty to protect their employees’ personal information.  These courts also make clear that whether an employer has legally compliant, written policies for protecting private information and responding to data breaches will heavily inform whether and the extent of an employer’s liability for a data breach.

(more…)

Data Breaches: An Employer’s Duty to Protect Employees’ Personal Information

By Aaron Wais

An appellate court in Pennsylvania recently dismissed an employee class action against their employer over a data breach, holding that the employer did not have a duty to protect its employees’ personal information (e.g., names, birth dates, social security numbers, bank information, etc.).  While this was a significant victory for employers, non-Pennsylvania employers should temper their enthusiasm because courts in other states, including California, have made clear that employers do have a legal duty to protect their employees’ personal information. These courts have also made clear that the liability for a data breach differs when an employer has legally compliant, written policies for safeguarding private information and responding to data breaches in a timely manner.

(more…)