States mandate protection of employee data
June 17, 2009 by Sam NarisiPosted in: In this week's e-newsletter, Latest News & Views, Regulations & Compliance
It’s a new trend in state law: mandatory data protection policies.
Connecticut recently passed such a law, becoming the second state (after Michigan) to do so.
What does the new rule require? All employers must:
- create and post policy regarding social security numbers (the law doesn’t say what the policy needs to contain — just that it must keep social security data confidential and limit access to employees’ SSNs)
- safeguard against the misuse of “personal information” by third parties, and
- destroy personal info once it’s no longer needed and properly erase and dispose of electronic storage media that the company gets rid of.
Companies can be fined up to $5,000 dollars for intentional violations — those that they break the law unintentionally seem to be off the hook.
We’ll keep you posted as more states consider similar bills.
DocuCrunch.com delivers the latest IT and Imaging news once a week to the inboxes of over 200,000 IT and Imaging professionals.
Click here to sign up and start your FREE subscription to DocuCrunch!
Tags: Connecticut, employee data, Security, SSN
