DISCLAIMER Is this your Organizations Data Is this your - - PowerPoint PPT Presentation

DISCLAIMER

Is this your Organization’s Data Is this your Organization s Data Privacy Strategy?

Is this your Organization’s Social Is this your Organization s Social Media Policy?

Mitigating the Social Media and Data Mitigating the Social Media and Data Privacy Exposures Facing Employers

Social Media and data privacy issues are still at a very early stage

i l di l i d Social Media Explained

I need to go to the bathroom I went to the bathroom I went to the bathroom This is where I am going to the bathroom Why am I going to the bathroom Look at me going to the bathroom I’m good at going to the bathroom

Two interns discussing Social Media ROI

Where Data Privacy and Social Media Collide

The Severity Index looks at the magnitude of breaches in the last 90 days- Severe (Red) signifies over 10,000,000 records have been

• breached. (9/12/2011)
• breached. (9/12/2011)

h i i What is Private Data

• Can come in many forms, but State and FTC

typically have jurisdiction I W hi P l Id ifi bl I f i

• In Washington Personal Identifiable Information

(PII) is defined as:

An individual’s first name (or initial) and last name – An individual s first name (or initial) and last name combined with one of the following:

• Social Security Number

y

• Driver’s License Number
• State ID Card Number

k / di d/ bi d b

• Bank Account/Credit Card/Debit Card Number

Privacy & Security Defined by Bureau Privacy & Security Defined by Bureau

• f Consumer Protection/FTC
• Behavioral Advertising
• Children's Online Privacy
• Credit Reports
• Data Security

Data Security

• Gramm-Leach-Bliley Act
• Health Privacy
• Health Privacy
• Red Flag Rules

h i l d i i Behavioral Advertising

hild ’ li i Children’s Online Privacy

The Children’s Online Privacy Protection Act (COPPA) gives parents control over what (COPPA) gives parents control over what information websites can collect from their children. children.

di Credit Reports

• Does your business use credit reports to evaluate

customer’s credit worthiness? Do you consult credit reports when considering evaluating applications for jobs, leases, and insurance?

i Data Security

• Many companies keep sensitive personal

information about customers or employees in information about customers or employees in their files.

• 46 States have “Security Breach” Legislation
• 46 States have Security Breach Legislation

(Including WA and CA).

h lil Gramm-Leach-Bliley Act

l h i Health Privacy

• Does your business or organization have a

website that allows people to maintain their medical information online? medical information online?

• If you are a Health Care Provider, a Health Plan or

a Health Care Clearinghouse you must be aware a Health Care Clearinghouse, you must be aware

• f HIPAA

d l l Red Flag Rules

• The Red Flags Rule requires many businesses and
• rganizations to implement a written Identity

Theft Prevention Program designed to detect the Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations. y y p

i d l Recent Privacy Study Results

• Verizon 2010 Data Breach Investigations Report in

cooperation with the United States Secret Service

• Ponemon Institute 2010 Annual Study
• Ponemon June 2011 Perceptions About Network

p Security

l Survey Results

• Small To Mid-Size businesses are increasingly at

risk.

– 50% of reported breaches occurred at organizations with less than 1000 employees 2 % f b h i d b i i – 27% of breaches were experienced by organizations with less than 100 Cost and number of malicious attacks are increasing – Cost and number of malicious attacks are increasing

Number of Successful Network Number of Successful Network Security Breaches over 12 Months

f i h Cost of a Security Breach

What is the Source of a Security What is the Source of a Security Breach

i i Data Privacy Best Practices

• Understand the Federal and State laws that apply to your organization;

Perkins Coie provides a fantastic resource.

• Understand what personal information you have in your files and on your
• computers. Consider using a 3rd party resource.

p g p y

• Keep only what is necessary for your business operations.
• Properly protect the information you keep. Consider a 3rd party network

security audit. l d f h l d l d f l

• Properly dispose of what you no longer need including paper files,

electronic files, computer hard drives, etc.

• Plan ahead by creating a plan to respond to security incidents.
• Consider a comprehensive data privacy/media liability insurance policy to

Consider a comprehensive data privacy/media liability insurance policy to transfer the risk. Here is an article that may be of interest: http://www.psfinc.com/press/data-liability-challenges-facing-employers FTC Guide: Protecting Personal Information A Guide for Business FTC Guide: Protecting Personal Information – A Guide for Business

i l di i h k l Social Media in the Workplace

h i i l di ? What is Social Media?

“Web sites and other online means of communication that are used by large groups of people to share information and to develop social and professional contacts”

“Social media introduce substantial and pervasive p changes to communication between organizations, communities, and individuals enabled by ubiquitously accessible and ubiquitously accessible and scalable communication techniques” techniques

• Jan Kietzmann, et al

Jan Kiet mann, et al

Cases

“A women lost a job offer at Cisco because of something A women lost a job offer at Cisco because of something she said on Twitter”

• MSNBC, March 27, 2009

“An office worker was fired after her employer discovered her sex blog.”

• Inc., May 4, 2010

Inc., May 4, 2010 “A waitress was fired for venting about a customer on Facebook” I M 25 2010

• Inc., May 25, 2010

“Labor Panel to press Reuters over reaction to Twitter post” p

• New York Times, April 6, 2011

Facebook 5 Online Office Gossip

Employer: Hispanics United of Buffalo

• An employee posted on Facebook comments a co
• An employee posted on Facebook comments a co-

worker had made about other employees.

• Other employees responded, and included

p y p , comments about working conditions.

It happens all the time, right?

Employer Terminates employees for harassment Employer Terminates employees for harassment based on Facebook postings.

“It doesn’t take much to establish the concerted It doesn t take much to establish the concerted nature of the discussion, so long as it involved or touched upon a term or condition of touched upon a term or condition of employment”

• NLRB Hartford Regional Director

NLRB Hartford Regional Director

l i Conclusion

September 2, 2011 Unlawful Termination Mandatory Reinstatement Payment of Back Wages

d i Broader Conversation

NLRB filed complaints against Register Guard (2007) case NLRB filed complaints against Register Guard (2007) case

• “Employer can lawfully impose a broad ban on employee’s

use of corporate e-mail system for solicitations and other non-business reasons as long as the policy on its face does non-business reasons as long as the policy on its face does not discriminate against union activity and is enforced in a non-discriminatory manner”

– Littler May 2 2011 Littler, May 2, 2011

• “Could severely restrict employers ability to regulate social

media activity while using corporate electronic resources.”

– Littler May 2 2011 Littler, May 2, 2011

• “Court of Appeals overturned Board’s determination, status

uncertain.”

– NLRB Website July 26 2011 NLRB Website, July 26, 2011

Employees Representing Your Employees Representing Your Company in Social Media

• Include Social Media Policy in Employment Agreement
• Incl de Social Media Polic in Emplo ee Handbook
• Include Social Media Policy in Employee Handbook
• Create an online disclosure
• Educate employees about Common Sense!
• Post it!
• Refresh it!

• Transparency
• Disclaimer
• Outline Disciplinary Actions

H t l l

• Have a support level

employee review online presence of applicants presence of applicants

• Insulate hiring managers

from obtaining protected from obtaining protected class information

• Review candidates for

comments or activities contradictory to corporate policies

• David Black, Jackson Lewis

ddi i l Additional Resources

SHRM – 1070 hits on “social media” search Insurance Companies and Brokers- Risk Management 101 HR Consultants Attorneys NLRB- www.nlrb.gov g Social Media! Upcoming Seminar- October 27th 4-6:30 WAC Upcoming Seminar October 27 , 4 6:30 WAC

Connect with Cliff Rudolph about.me/cliffrudolph linkedin.com/in/cliffrudolph @cliffrudolph cerudolph@psfinc.com f /d / l ff d l h psfinc.com/directory/cliff-e-rudolph 425-709-3705 Connect with Jim Gregson Connect with Jim Gregson linkedin.com/pub/jimgregson/9/769/747 jcgregson@psfinc.com psfinc.com/directory/jim-c-gregson p y j g g 425-709-3744 psfinc.com f b k / f facebook.com/psfinc @psfinc