April 8, 2009
Schiff Hardin Labor and Employment Alert

New York has joined a growing number of states that have enacted laws intended to protect employees from identity theft. In effect as of January 3, 2009, the Employee Personal Identifying Information Law (New York Labor Law § 203-d) imposes more stringent requirements on employers in collecting, maintaining and disclosing the personal information of their employees. Specifically, employers are required to prevent unlawful disclosures of an employee's personal identifying information to the public.

"Personal identifying information" is broadly defined to include an employee's social security number, home address or telephone number, personal e-mail address, Internet user name or password, parent's surname prior to marriage, or driver's license number.

In addition, the New York statute restricts an employer's use of social security numbers. Employers are prohibited from:
The statute mandates that employers affirmatively implement mechanisms to safeguard against the use of employees' personal identifying information and to inform employees of their rights under this new law. Employers face civil penalties of up to $500 per violation for any "knowing" violation of these provisions. Importantly, an employer's failure to advise employees of these provisions, or failure to put policies and procedures in place to safeguard against a violation, is presumptive evidence of a "knowing" violation.

The New York statute is part of a nationwide trend addressing the issue of identity theft in the workplace, particularly with regard to social security numbers. Laws regarding employee personal information vary from state to state, so employers should investigate whether their policies comply with applicable state law.

In California, for example, businesses are restricted in their use and disclosure of social security numbers. Moreover, certain businesses are required to use safeguards to ensure the security of a broader class of personal information, defined as a name plus social security number, driver's license number, or financial account number. In addition, businesses that collect and maintain personal information are required to notify all affected individuals in the event of a security breach. The Illinois legislature has enacted similar laws protecting consumers' social security numbers, and requiring notification if unauthorized persons may have accessed consumer personal information.

In light of the New York statute's requirement that employers actively safeguard against violations of the law, employers are advised to review their privacy policies and procedures, and make certain that all required notices are properly communicated to employees. Schiff Hardin attorneys are available to assist with reviewing and revising employer privacy policies.