Big I Virginia E-News
November 2017
 

An Employer's Obligation During a Data Breach or Hack


Q: With the data breach at Equifax, and the fact that, as employers, we maintain a lot of confidential employee information – such as Social Security numbers, addresses, age, date of birth and dependent information – what is our obligation to keep that information safe?

A: Whether your company owns, licenses or merely maintains personal information about your employees (such as name, address, date of birth, SSN, driver’s license number, bank account information, etc.), nearly every state has requirements on when and how affected individuals must be notified of a breach, and many states also require that notification be made to state attorneys general, consumer protection agencies, national credit bureaus, and perhaps even the media. Employers who suspect personal information about employees may have been compromised should immediately contact legal counsel.

It’s also important to note that if you outsource payroll and benefits to a third party, such as a PEO or a company like Paychex, their obligation is to notify you, not necessarily your employees, in the event of a data breach. In such cases, you should also contact legal counsel to assess your obligations.

 