W-2s

Data Breaches: An Employer’s Duty to Protect Employees’ Personal Information

By Aaron Wais

It is tax season, which means that criminals are busy trying to steal people’s tax information (e.g., names, addresses, social security numbers, income information), which they can use to file fraudulent tax returns and steal tax refunds.

As an employer, you likely maintain your employees’ tax information and, thus, are a target.  Indeed, criminals regularly target employers and hack their databases or pose as company executives and send a phishing email asking for all employees’ W-2s for accounting purposes.

As such, it is important to understand your duty to protect your employees’ personal information, as well as potential liability for failing to do so.  Most states, including California, make clear that employers have a legal duty to protect their employees’ personal information.  These courts also make clear that whether an employer has legally compliant, written policies for protecting private information and responding to data breaches will heavily inform whether and the extent of an employer’s liability for a data breach.

(more…)