Welcome to the Law Offices of Peter J. Lamont & Associates's Legal & Business Blog. The firm has built a solid reputation for delivering creative, effective and valuable solutions to our clients' legal and business issues. We combine "big firm" knowledge and sophistication with the responsiveness and focus of a boutique firm.

Friday, January 3, 2014

Lessons from Target: Securing Consumer and Employee Data in 2014

By: Peter J. Lamont, Esq.
New Jersey Business and Personal Law Attorney
Law Offices of Peter J. Lamont

This past holiday season Target Corp found itself on Santa's Naughty List all due to a significant data breach that affected as many as 40 million holiday shoppers (including my wife).  According to authorities, the Target breach was only one of over 600 data breaches that occurred in 2013.  As a result, many companies are upgrading their data security measures as they relate to consumer information.  

However, it is important for businesses to understand that their human resources data must also remain secure. In fact, at least 46 states have enacted data breach notification laws. Some of the information that employers are obligated to secure includes criminal background checks, credit checks, social security numbers and other sensitive information.

Businesses must focus their energy on data protection this year. Below are a few tips that companies should consider when creating a data security plan for 2014.
  • Appoint an employee to be in charge of overseeing and coordinating the company’s information security efforts for sensitive employee and customer information stored in hard copy or electronic form.
  • Have each company department that handles sensitive employee or customer information work with the company’s information security coordinator to: (i) conduct and document an inventory of the type of sensitive information handled by that department; (ii) assess potential internal and external data security risks; (iii) develop and document information security safeguards for addressing these risks; and (iv) communicate and train department employees on these safeguards.
  • Limit access to sensitive employee or customer data to only those employees whose position requires access to the data and prohibit other employees from engaging in unauthorized access, use, or disclosure of the data.
  • Ensure that hard copy records are stored in secured, locked locations and that only authorized personnel have keys to the locked areas.
  • Ensure that the company has appropriate technology safeguards in place to secure electronic data from unauthorized access and to limit access to only authorized employees.
  • Consider encrypting data when it is transmitted electronically over networks or stored on-line.
  • Require employees to use unique, secure password-activated screensavers on computers and any personal devices used for work purposes and to regularly change passwords.
  • Ensure that the company has a method for carefully selecting and only hiring third party vendors/contractors capable of securing confidential data and that third party contracts contain language requiring the third party to safeguard the data.
  • Regularly train employees on information security measures and requirements.
  • Ensure that the company has an effective system in place for obtaining hard copy and electronic data back from departing employees or third party vendors/contractors when their relationship with the company ends.
  • Require employees and third party vendors/contractors to promptly report any potential data security breach to the company.
  • Adopt a data breach response plan in advance so that the company is prepared to promptly and appropriately address any data breach that does occur.
  • Conduct periodic tests and audits of security measures and make adjustments as appropriate.
If you would like more information about this topic or have general legal questions, please feel free to contact me at (973)949-3770 or via email at plamont@peterlamontesq.com. We answer legal questions on a daily basis and would be happy to discuss any issues or questions that you have. Offices in: New Jersey, New York, Colorado & Puerto Rico. Affiliated throughout the country.