Employer Law Report

Tag Archives: data breach

Boeing Data Breach is yet another illustration of need for employee education and training

In November 2016, a Boeing employee experiencing difficulty formatting an Excel spreadsheet. Not realizing that hidden columns included birth dates and social security numbers for 36,000 Boeing employees, he emailed the spreadsheet to his wife, who was not a Boeing employee, so she could help. This seemingly innocent act prompted Boeing to launch an investigation and notify those employees and officials in four states of a data breach.

You see, data breaches are not always caused by Russian hacks or other cyber-criminals. Sometimes it is the most innocuous action taken by the most well-meaning of employees. As a result, Boeing

NLRB files complaint against postal service for not bargaining with union over effects of data breach incident

We all pretty much know the drill at this point. Organization announces data breach, sends out notices as required under state and/or federal law to those individuals that are affected, offers some kind of identity theft protection or credit monitoring service, awaits public criticism and backlash. The NLRB and the American Postal Workers Union (“AWPU”) apparently think that there should be an additional step when the data breach involves the personal information of employees who are covered by a collective bargaining agreement – bargaining over the effects of the data breach on, and the remedy to be provided to, the …

The latest surge in data breaches highlight key takeaways for employers

The recent data breaches at Target, Home Depot, and Jimmy John’s have kept data privacy and security in the news lately. But from a legal perspective, there has never been much that the victims of these breaches could do to obtain a remedy in the absence of actual proof of identity or other theft. Indeed, ever since the U.S. Supreme Court decision in Clapper v. Amnesty International, it has been clear that the mere potential for future injury is insufficient to confer standing on a data breach victim to sue. Instead, the plaintiff must prove that injury is “certainly …

Attend Our Upcoming Complimentary Workshop – What Would YOU Do If Your Network Is Hacked?

Wednesday, February 16, 2011
11:30 a.m. – 1:30 p.m. Lunch will be provided.
Capital Club – 41 South High Street, 7th Floor
Columbus, Ohio

An employer’s human resources department can provide one-stop shopping for identity thieves, where they can find personnel records, benefits data, and payroll and tax records all in the same place. What would you do if you learned that this data had been compromised? Don’t get caught short  – learn what you can do to respond effectively to data breach intrusions, whether as a result of a lost laptop, criminal hacking, or other unauthorized access or use …

Data Breach Case Highlights Importance of Vendor Management

The Ruiz v. Gap, Inc. et al. decision, rendered earlier this week by a federal court in California, is another in a long series of cases that dismisses lawsuits brought by data-breach victims when those victims cannot establish that they were actual identity theft victims with actual damages. In this case, the plaintiff was an applicant for employment at The Gap whose personal information was compromised when two laptops belonging to Vantage, Inc, the company that processed job applications for The Gap, were stolen.

Going along with the vast majority of courts to date, the Ruiz court held that, …