As discussed in an earlier post, shortly after the United States Postal Service reported a data breach potentially affecting hundreds of thousands of employees, the American Postal Workers Union filed an unfair labor practice with the National Labor Relations Board alleging the Postal Service should have bargained with the union over the impact and
Employee Apps = Employer Data Risk?
Many mobile app developers do not place a high priority on data security, as illustrated by a recent IBM/Ponemon study:
- Fifty percent of mobile app developers have no budget for security.
- Forty percent of companies don’t scan mobile app codes for vulnerabilities.
- The average company tests less than half of the apps it builds
Illinois Attorney General Seeks Stronger Data Breach Notification Law, Requirement to Safeguard Personal Information
Reacting to a report that identity theft was a top concern for Illinois residents (second in a list of ten), Attorney General Lisa Madigan announced a legislative proposal to strengthen the state’s existing data breach notification law. The call for stronger breach notification laws is a trend that has emerged in other states, such as
Secretary in Germany Successfully Challenges Employer’s Monitoring…Is Your Monitoring Program Defensible?
According to a report by Deutsche Welle, the German Federal Labor Court held that employers may monitor employees only when they have concrete suspicions of wrongdoing that are based on fact. In the U.S., the standards for engaging in monitoring employees may not be quite that high, but employers should be thinking about whether
Employer FAQs: Responding to the Anthem Breach
The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note
Top 15 for 2015 – Happy National Data Privacy Day
In honor of National Data Privacy Day, we provide the following “Top 15 for 2015.” While the list is by no means exhaustive, it does provide some hot topics for businesses to consider in 2015.
- Inside Threats for Healthcare Providers and Business Associates. While news reports of security risks often focus on hackings and breaches
FTC Announces “Concrete Steps” for IoT Privacy and Security
As the vast array of internet-connected devices mushrooms, and technologies permit those devices to communicate with one another, calls for privacy and security can be heard. On the heels of a recent victory in the ongoing LabMD case, the Federal Trade Commission (FTC) announced yesterday “concrete steps” businesses can take to enhance the privacy
Data Security in 2015 for Banks, HIPAA Covered Entities, and Small Businesses Too
Some have called 2014 the “Year of the Data Breach.” That may be true given the steady stream of large-scale data breaches affecting tens of millions of individuals. We do not know if this time next year commentators will be saying the same thing about 2015, but there are signs pointing to a
“Employees Must Be Permitted To Use Company Email for Statutorily Protected Communications” -NLRB
We reported earlier that the National Labor Relations Board had been considering changing its previous position that “employees have no statutory right to use the[ir] Employer’s e-mail system for Section 7 purposes.” The NLRB’s position in this regard was established in 2007, under the NLRB’s ruling in Register Guard. Today, in Purple Communications Inc.
Does the Secret Service Need a BYOD Policy? Addressing Personal Device Usage in the Workplace
According to a November 13, 2014 article in the New York Times (based on a review by the Department of Homeland Security), an intruder was able to enter the White House back in September due to a succession of performance, organizational, and technical failures. One of the specific findings was that:
“Omar Gonzalez, the man