Dan Klein Published in Insights "Data Security Breaches: Are Your Human Resources Policies Equipped to Avoid and/or Repair the Damage?"

Dan Klein’s article published in the Spring 2008 issue of Insights reported on how the Massachusetts Data Security Law and Proposed Regulations will impact human resources policies for any employer handling the personal information of Massachusetts residents, as well as data security policies for employers as a whole.

Dan observed, “Given the increasing sophistication of cyber thieves and the prominence of identity theft schemes, preventing or limiting the scope of such data disasters has become a top priority for many employers.” Human resource professionals need to know the best ways to both protect information about their employees and to comply with the various state laws that now exist to combat the problem. In his article, Dan noted the Federal Trade Commission’s five basic steps to data security for employers, which include: knowing what type of personnel information you have; scaling down data to only what the organization needs; employing stringent data security protection practices, both electrical and practical; employing proper data destruction practices; and planning ahead for a breach.

Dan further noted that, upon a data security breach, “Under the Massachusetts law, victims must be informed of their rights to obtain a police report about the incident and their right to institute a security freeze on their credit and other information.”

Dan concluded, “Employers should further consider establishing a policy and procedure that requires its managers and employees to promptly report data security breaches. Employees should receive training on this requirement and the reporting procedure, and employers should establish a company protocol or action plan for responding promptly upon receiving a report of a data security breach.”