Privacy and Security in the Employment Relationship


Privacy and Security in the Employment Relationship

Steve Sheinberg
General Counsel and SVP, Privacy and Security
Anti-Defamation League
SSheinberg@adl.org
Blog: workplacetechlaw.com

Bret Cohen
Privacy & Cybersecurity Group
Hogan Lovells
bret.cohen@hoganlovells.com
Blog: hldataprotection.com

October 26, 2016

Privacy and security in the employment relationship
- Law of employee privacy
- Building a privacy and security program

Hogan Lovells

Law of employee privacy
- Relatively limited statutory protections for employee privacy
- In many cases, employee privacy risks can be mitigated by setting proper expectations
- Be on the lookout for unintended consequences of policies involving the collection of employee information (e.g., discriminatory impact)

Employee monitoring: use of corporate IT systems
- In the U.S., wide latitude for employers to monitor activity on company-owned information systems
- Liability protection for cybersecurity monitoring
- Implement an acceptable use policy to set employee expectations
- Prohibit unlawful uses and describe limits on personal use
- Preserve the company’s right to inspect and monitor
- Address off-hours use by non-exempt personnel
- Notify employees regularly and whenever possible (e.g., banner)

Employee monitoring: use of third-party services
- Corporate security may involve monitoring of third-party services, whether used on the corporate network or outside of work time
- Be careful about how you gain access to those services
- State laws prohibiting employers from requesting private passwords from employees
- Potential liability for accessing password-protected services or personal communications under anti-hacking and wiretapping statutes
- Case law protecting attorney-client communications

Employee monitoring: NLRB and social media
- National Labor Relations Act prohibits even non-union employers from restricting employee organizing rights
- Employee organizing rights include communicating with each other about terms and conditions of employment
- NLRB has focused on employer social media policies, prohibiting:
  - Discipline of employees for protected online communications about workplace
  - Adoption of overbroad rules restricting employee communications about workplace

Employee monitoring: audio/video monitoring
- Some statutes prohibit video monitoring in specific sensitive areas (e.g., bathrooms)
- Elsewhere, video monitoring will be subject to “intrusion” test
- Audio monitoring
  - In most states, call or other audio recording requires the consent of at least one party to the communication
  - Be cautious of all-party consent states

Employee monitoring: physical and productivity monitoring
- Increase in metrics, sensors, Internet of Things, and Big Data creates opportunities to measure and increase workplace efficiency
- Beware of algorithmic bias
- Geolocation tracking
- When do asset-tracking and productivity monitoring cross the line?

Background checks
- FCRA and state laws require employee consent prior to conducting a background check for employment purposes
- Federal law covers use of third parties; some state laws cover employer checks as well
- Requirements to provide adverse action notices and the opportunity to correct
- Non-traditional background checks are covered (e.g., social media checks)
- Be careful to avoid discrimination issues
  - Including non-traditional discrimination (e.g., lawful off-duty conduct)
- Insulate decision-makers from factors that could be considered discriminatory

International issues
- Stronger privacy protections for employee information in the EU and in countries with EU-style comprehensive privacy laws
- Employee notices
- Restrictions on cross-border data transfers
- Greater restrictions on monitoring of electronic resources
- Employee hotline regulation (e.g., anonymous reporting)
- Works council consultation for IT policies

Building a privacy and security program

The key to mitigating privacy and security risks in the workplace is creating a privacy-aware corporate culture that motivates and trains employees to be part of that culture.

Building a privacy and security program
- Create employee policies that recognize that employees are the main threat vector.
- Teach employees, especially about social engineering.
- Talk to the CIO.
- Get good agreements with vendors and key employees.
- Strive for Cyber Resiliency
- Follow the principle of least privilege.
- Update software, install patches, remove non-approved software.
- Ensure that your physical security is sufficient.
- Encrypt all data, period.
- Segregate differing data onto separate networks.
- Monitor network traffic.
- Use two-factor authentication.
- {Most of this is policy, not tech, driven}

Questions?

Steve Sheinberg
General Counsel
SVP, Privacy and Security
Anti-Defamation League
SSheinberg@adl.org
Blog: workplacetechlaw.com

Bret Cohen
Privacy & Cybersecurity Group
Hogan Lovells
bret.cohen@hoganlovells.com
Blog: hldataprotection.com