Our colleagues over at the Privacy & Security Matters blog wrote a really good piece entitled “It’s Tax Time – Don’t be Phished,” which guides employers on how to avoid phishing scams during this tax season. It’s a must-read because the targets of these scams are HR and payroll departments, and employer awareness is necessary not only to protect employees, but also because responding to one of these scam emails constitutes a reportable data breach under state laws.  Employers could have significant liability for failure to provide notice to employees and/or state regulators (where required).

 

Being connected to not just your friends, but their friends and their friends’ friends (it’s all six degrees of separation, right?) means that it’s become increasingly hard to stay anonymous when using an online dating platform.  Just ask one recent male user of OkCupid who made vulgar and inappropriate comments to a female user.  Her response?  Post the conversation and the man’s profile picture to her Facebook account.  He insulted her, she publicized him.  So far, there are no legal implications.

Her friend, an independent recruiter for tech startups, saw the post and recognized the man’s profile picture.  As it turns out, it was also his LinkedIn profile picture, and he had just applied for a position with one of her clients.  Her response?  Withdraw his application from consideration and tell him to treat women better online.  He insulted her friend, she withdrew his application for employment.  Here is where the criticism started.

The question: Can a recruiter reject a potential applicant based on inappropriate comments made on a dating site?

Continue Reading Inappropriate Social Media Activity Dooms Job Applicant’s Prospects

By Audrey Nguyen and Michael Arnold

California’s governor has signed into law a bill aimed at discouraging age discrimination in hiring practices in the entertainment industry.  The law focuses on internet websites identifying ages, but critics question whether the law is constitutional and if it will have any real impact.

Continue Reading New California Law Will Require Online Entertainment Database Sites to Remove Age-Based Information

Our sister blog, Privacy and Security Matters, has released an alert entitled, EU-US Privacy Shield to Launch August 1, Replacing Safe Harbor, which provides an overview of the new Privacy Shield requirements. Privacy Shield replaces Safe Harbor and provides a legal mechanism for transferring personal information from the EU to the US. In addition to summarizing key points of the Privacy Shield documents, the alert is also a guide for companies interested in certifying compliance with Privacy Shield.

Did you know that the world is now inhabited by creatures called Pokémon?  (Or maybe they’ve always been there?)  Some run across the plains; others fly through the skies; and some live in the mountains… and some, yes, some, are located right in your workplace.  Through the magic of downloading Pokémon Go to your smartphone, you too can see these creatures and catch them for some apparently critical scientific testing.

Employers not familiar with Pikachu, Charizard, and Lucario can rest assured – your employees are.  In less than one week, Pokémon Go became the most downloaded smartphone videogame ever, and employers are clamoring for advice on how to deal with a workforce that already seems sufficiently and consistently distracted.

Continue Reading Pokémon Go in the Workplace: Oh Look There’s a Pikachu!

From:     Ned Help

To:          Carrie Counselor

Date:      June 1, 2016

Subject:  Lost laptop containing European customer information

Carrie,

A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities.   The employee was Abbie Absent-Minded.  Well, we hit a snag pretty quickly.  Abbie just e-mailed me to say that she left her laptop on a train in London last evening and it hasn’t turned up yet in the train company’s lost-and-found.  It was a brand-new laptop that we had given her for her European assignment, so fortunately it didn’t have a lot on it.  Abbie said that the laptop had contact information for her various marketing prospects, plus some sample customer data that she was given by one of her prospects to use in a demo of our web-based advertising product.  She thinks that the customer data included around 200 records with the customer’s name, age, gender, e-mail address and the history of purchases that the customer made from our prospective client’s retail stores.

I assume that we should tell our prospective client that the laptop with their customer data was lost.  What else do we need to think about?

Thanks,
Ned

Continue Reading Innocents Abroad: My Employee Lost a Laptop With Customer Data

While many employers shifted some of their focus to the new overtime rules in the past couple of weeks, cybersecurity remains top of mind for most.  The reason?  Because the number one threat to a company’s information (personal or confidential) is still its own employees.

Data security and privacy training are the first lines of defense against negligent employee behavior.  Thus, our colleague, Cynthia Larose, the Chair of Mintz’s Privacy & Security Practice, thought it prudent to put together a webinar on this very issue.

Join Cynthia and Kirsten Liston, SVP of Product & Market Strategy at ThreatReady Resources, as they explore why traditional training programs are falling short and what you can do to boost your efforts and counter top concerns regarding malicious and negligent employee handling of personal and confidential data.

The webinar will take place on Wednesday, June 22, 2016 at 1PM EST.  You can register here.  We hope you’ll join us.

Last week, the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) issued a final rule aimed at updating the way it collects data and preventing workplace injuries and illnesses.  The final rule can be broken down into two parts: (1) Electronic Reporting and Data Collection; and (2) Employee Involvement and Retaliation, each of which we discuss below.

Continue Reading OSHA’s New Electronic Reporting and Retaliation Rules Will Make Your Company’s Workplace Injury Reports Accessible to the Public

From:             Carrie Counselor

To:                  Ned Help

Date:              May 19, 2016

Subject:         RE: Privacy considerations for employees working abroad

Dear Ned,

I understand that one of your employees will be engaging in a six-month temporary assignment around Europe to scope market opportunities, and you’d like to have a better understanding of what to be thinking about in terms of privacy.  Great question!  This is an area where many employers struggle because other jurisdictions protect privacy and personal data quite differently than we do here in the United States.

Continue Reading Innocents Abroad: Privacy considerations for employees working abroad

Everyone loves a good courtroom drama.  So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system.  Once inside, they steal the most sensitive personal information of the studio’s stars, executives and employees.  Their most intimate secrets, spilled over the Internet.  Who can help these poor souls?  Why, the brave and hardworking class action lawyers, that’s who.  Through grit, pluck and lawyerly derring-do, our intrepid heroes soon bring the evil wrongdoers to justice.  Think “The Manchurian Candidate” meets “Erin Brockovich”.

But real life is rarely like the movies, even when it involves the movies.  Yes, Sony Pictures Entertainment (“SPE”) did suffer a cyberattack that disclosed employees’ personally identifiable information (“PII”).  The data breach was allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of North Korean dictator Kim Jong-Un.  And class action litigation predictably followed.  But the evil wrongdoers who faced the wrath of class counsel?  Alas, the hackers were inconveniently beyond the reach of our legal system and, thus, unavailable to answer for their crime.  So SPE, the studio victimized by the hack, would have to do.

And the result of this drama?

Continue Reading It’s A Wrap! Sony Pictures Data Breach Case Settles Without A Hollywood Ending For The Plaintiff Class