And Alabama makes 50: Data breach map is now complete
By: Ann Potratz
Publication: Employment Law Today
Date Posted: 09/21/2018
Beginning with California in 2002, states have been increasingly focused on data security. In June, Alabama became the 50th state to enact a data breach law, completing a complicated patchwork of state regulations that dictate everything from how companies must store sensitive data to how many days they have to notify victims following a breach.
Given recent headlines about a string of high-profile data breaches at big-box retailers, it’s easy to assume these laws were created to protect customers, not employees. However, in most states, any entity that collects and owns personal data is subject to enforcement — even small employers with the data of a handful of employees must adhere to the same guidelines as huge national corporations with the data of millions of customers.
Are you collecting too much?
When creating online job applications, most employers don’t think twice about requesting extensive personal information, from social media profiles to social security numbers. After all, more detailed information equals more insight into candidates, right? And presumably, more insight equals better hiring decisions.
However, not only are there restrictions on what type of data can be collected, storing such information electronically adds another layer of risk. As states continue to pass increasingly tough laws, employers may need to reassess the types of data they collect and when.
Instead of loading an online employment application with every question you can think of, try asking less. It might seem counterintuitive, but consider what you’re really looking for up front, and make sure each field has a distinct purpose. Many applicants will be weeded out immediately because they lack basic qualifications, such as years of experience, and you won’t need further personal details to make that decision.
The result of a shorter initial application is win-win. Your company ends up storing less sensitive (and irrelevant) data, and potential applicants are met with a much more straightforward initial application process.
Consider your compliance
Companies that don’t ask extensive personal questions on job applications are still at risk when it comes to personnel data, given that sensitive employee information is now handled almost exclusively electronically (think bank routing numbers, tax details, even biometric data like fingerprints and facial scans).
As technology adapts, so should your approach to data storage. Check to see if your state, or a state in which you do business, has recently updated its laws regarding data protection. Even if it hasn’t, regularly assessing how you handle your employees’ sensitive data is the first step in keeping it safe.
Key to remember: State data breach laws continue to evolve, with many becoming stricter and more complicated. Consider collecting only the necessary data, and stay up-to-date on your state’s regulations.
You may also enjoy the following articles:
Stop your complaining, supervisors
At review time, do you under- or overrate employees?
Recouping wage overpayments
This article was featured in the Employment Law Today Newsletter.
The Employment Law Today newsletter Explains why you need to care, what you need to do, and how your business could be affected by HR industry news and hot topics. Click here to sample this newsletter for free.