Q. We maintain employee personnel information in an HR software program. We have discovered that a former employee hacked into the database and copied 100 employees’ first and last names, addresses, Social Security numbers and driver’s license numbers. Do we have to notify the employees? Some of them live and work in Ohio.
A. Michigan’s Security Breach Notification Act covers the information contained in your personnel database. The information taken by the former employee is “personal information” under the act since it links employees’ first and last names to their Social Security and driver’s license numbers. Under the terms of the law, a “breach” has occurred, since the former employee has obtained unauthorized access to and acquisition of data that compromises the security or confidentiality of personal information.
Unless the company can reasonably determine that the security breach has not or is not likely to cause substantial loss or injury to, or result in identity theft with respect to a Michigan resident, you must provide notice to those individuals whose personal information is at risk. The company must give notice to employees who are Michigan residents without unreasonable delay.
While the act does not require notice to residents of other states, I recommend notifying the employees who are Ohio residents because Ohio has a similar law.
Like what you've read? ...Republish it and share great business tips!
Attention: Readers, Publishers, Editors, Bloggers, Media, Webmasters and more...
We believe great content should be read and passed around. After all, knowledge IS power. And good business can become great with the right information at their fingertips. If you'd like to share any of the insightful articles on BusinessManagementDaily.com, you may republish or syndicate it without charge.
The only thing we ask is that you keep the article exactly as it was written and formatted. You also need to include an attribution statement and link to the article.
" This information is proudly provided by Business Management Daily.com: http://www.businessmanagementdaily.com/5511/whats-an-employers-responsibility-to-provide-notification-of-a-data-security-breach "
- Ask the attorney -- Your HR questions answered
- EEOC issues employer best practices on work/family balance
- Angry employee shoots and kills her office-Manager friend
- Protect against retaliation suits by conducting independent and 'blind' internal investigations
- Make sure 'executive exemption' fits, or you could be liable for huge FLSA damages