Last month, I wrote about the Home Depot credit card data breach and the importance of protecting company data.  But the issue of protecting employee data is far from new.

Back in 2011, one legal publication had this to say about employee data:

Employers collect a substantial amount of personal information about their employees. Companies need to be aware of their obligations under the profusion of data protection laws and regulations that govern the collection, use and transfer of personal information. This is an especially daunting task for companies that have operations subject to the laws of multiple jurisdictions, as requirements vary widely from country to country and even from state to state. …

Companies use employees’ personal information for a variety of purposes—from evaluating applicants during the hiring process to administering payroll and employee benefit plans to managing separation and other post-employment benefits. And as more employers adopt enterprise-level information management systems and outsource certain human resources administration functions, increasing amounts of personal data is being transferred and shared within and between organizations. Maintaining compliance with applicable data privacy laws is a responsibility employers cannot afford to overlook.

I couldn’t say it better myself.  But don’t take my word for it. There are a whole host of experts coming to speak later this month at a Data Privacy and Cybersecurity Summit that I’ve been planning.  People from companies like ESPN, UTC and GE. And respected government officials from the Connecticut Attorney General’s office and the FBI.

The summit is co-sponsored by my law firm, Shipman & Goodwin LLP and the Connecticut chapter of SHRM.  It is scheduled for October 16th at the Crowne Plaza in Cromwell, CT. You can register for it here. Don’t miss out.

Real hackers are more fearsome than this one.

Okay, okay.  I realize the headline is a bit misleading.  But it isn’t every day that you hear about a data breach at Home Depot in which 56 MILLION credit cards may have been hacked. To put that into perspective, that’s 16 million MORE than the infamous Target breach!

But this is an employment law blog, not a shopping one. So, why does this matter to human resources professionals and companies? Because if hackers can access credit card information, they are going to try to hack into your work files.

It isn’t a matter of “if”. It’s a matter of when they will attempt to do so.

Don’t take my word for it. This comes from the head of the military’s cybersecurity division.  Admiral Mike Rogers has been preaching for months of the need for companies to take data privacy and cybersecurity seriously.  A recent news post reported on the importance Rogers has placed on this area for private businesses.

Corporations must successfully deal with cybersecurity threats, because such threats can have direct impacts on business and reputation, Rogers told the business audience.“You have to consider [cybersecurity threats] every bit as foundational as we do in our ability to maneuver forces as a military construct,” he said.

I have little doubt you’ll hear a lot more about this at an upcoming Data Privacy and Cybersecurity Summit that I’ve been helping to put together here at Shipman & Goodwin, in conduction with CT SHRM.

It’s scheduled to be held on October 16, 2014 from 8a to 2p at the Crowne Plaza in Cromwell, CT.

The cost is just $75, which includes continental breakfast, coffee, buffet lunch, and the materials.  Full details as well as registration can be found here.

Speakers include myself, Shipman & Goodwin attorneys Scott Cowperthwait, Cathy Intravia and William Roberts as well as industry experts from Adnet Technologies, the Connecticut Attorney General’s office, ESPN, the FBI, FINEX North America, General Electric Company, JPD Forensic Accounting, Quinnipiac University, United Therapeutics Corporation, and United Technologies Corporation (UTC).

Hope to see you there. Register soon as spots have been filling up over the last week.

Last Thursday, I had the opportunity to speak at the Tri-State SHRM Conference held at Foxwoods Resort Casino.  The session was led by Marc Kroll of Comp360 and I thank him publicly for both the invitation and the coordination. But a post about the great work that HR consultants like Marc do is a topic for another post.

If there was a phrase that I’m sure HR personnel never thought they’d hear discussed at a Human Resources conference it would’ve been “data privacy”.  After all, shouldn’t that be something for a Information Technology summit?

But in presenting the topic: “Pirates of the Data Stream: HR’s Role In Securing Corporate Information” to a full room,  it confirmed what I had been seeing anecdotally — that HR personnel have an increasing role in making sure company data remains private.  I was approached aftewards by several people who appreciated the focus on the topic.

There were several suggestions we talked about in detail at the conference.  I’ll highlight just a few things we discussed:

  • Have a policy. Yes, it’s a cliche. But you still need one.  And make sure it’s workable.   Your policy is no good if no one follows it.
  • Train and educate your workforce (with particular emphasis on your senior executives) on the need to take reasonable steps to protect confidential company data.  This can’t just be for new employees, but needs to be an ongoing effort.
  • Audit yourself to determine where your data leakage is coming from. And don’t just focus on the electronic data; your personnel files in paper format still need to be secured as well.  Consider hiring a third-party to help find the holes in your data storage.
  • Use agreements with restrictive covenants that prohibit employee use of confidential data not only when the employee is working for you, but also when the employee leaves.

And lest you think that this is mere scaremongering, the headlines from this morning illustrate that this issue is continuing to move to the mainstream: Target’s CEO stepped down because of a massive data breach last fall.

Human Resources has a significant role to play in preserving company and employee data.  It’s time to begin the discussion at your company if you haven’t already.   If you need assistance in that endeavor, consult your lawyer or your favorite HR consultant.