The use of biometric data is continuously increasing, including in the workplace. Biometric data may include facial characteristics, hand geometry, a retina/iris scan, a fingerprint or a voiceprint. Employers often collect and use biometric data to establish records of employee hours, to restrict access to specific areas, computer systems, data or devices, to provide security and to promote employee health, including through wellness programs.
Virtually every thoughtful employer wants to hire the very best employees they can find. And why not? Good workers produce better products, provide better service, give maximum effort, learn and adopt the company’s best practices and culture. Bad employees are indifferent, if not outright negative about the company, its customers, its products, its values.
On March 8, the House’s Education and Workforce Committee passed a bill, HR 1313 – Preserving Employee Wellness Programs Act. The bill, which was introduced by U.S. Rep. Virginia Foxx in order to “reaffirm existing law to allow employee wellness programs to be tied to responsible financial incentives,” follows a May 2016 ruling by the EEOC that allows for premiums to be cut by up to 30% for individuals and 60% for couples enrolled in wellness programs.
The Association of Corporate Counsel (ACC) recently released a set of guidelines intended to serve as a benchmark for law firm cybersecurity practices. The guidelines cover information retention, return, and destruction; data handling and encryption; data breach reporting; physical security; employee background screening; and cyber liability insurance. The requirements were developed based on corporate law departments’ experiences and with input from several law firms.
The term “social engineering” used to conjure up images of social scientists with Ph.D.s brainstorming ways to improve race relations or provide lower-income groups with greater access to education and employment opportunities. Today, however, the term is more frequently associated with the use of technology and basic principles of human nature to trick individuals into divulging confidential or personal information that may be used for fraudulent purposes. The social engineering techniques employed by these modern-day con artists may be the biggest threat to your company’s confidential and proprietary information.
China’s new cyber security law (Law) could have far-reaching impacts for companies that do business there. The Law goes into effect on June 1, 2017. As is typical of legislation passed by the Standing Committee of the National People’s Congress, China’s highest legislative authority, the law has been criticized for its vagueness.
Governor Jerry Brown’s selection of Congressman Xavier Becerra to succeed (now Senator) Kamala Harris as the new Attorney General of California was a surprising move that brings into power in California a seasoned advocate of the economic prosperity of California, but one without a clear track record of privacy law enforcement.
Yahoo’s recent announcement that CEO Marissa Mayer would forgo a 2017 stock award (after giving up a 2016 cash bonus) following security breaches in 2014, 2015 and 2016 underscores the importance of having a security team in place to prevent, or at least mitigate, security breaches.
Emails, lots and lots of emails, filling our inboxes. Even with the best security and filters, it seems that hackers are simply building better mousetraps. The bigger problem, however, is the trusting nature of individuals who open emails that they shouldn’t. Phishing emails appear to come from a trusted source, such as a supervisor, client or government agency.
New York’s Department of Financial Services Cybersecurity regulation became effective March 1. According to the press release issued with the regulation, the regulation is intended to require banks, insurance companies and “covered entities” to “establish and maintain a cybersecurity program designed to protect consumers’ private data and ensure the safety and soundness of New York State’s financial services industry.” This regulation is the first of its kind in the U.S. and will likely serve as a model for other states looking to address cybersecurity.