While many in the nonprofit community believe that a privacy and cybersecurity program is beyond their means, the fact is there are many ways to tackle this problem—many of which are low and no cost—and most of which is low-tech. And the cost of doing nothing is very high. In the highly competitive world of nonprofit reputation management, the consequences of a breach can be absolutely devastating.
Employers in the US likely cannot pay their employees in virtual currencies (VC) such as Bitcoin or Ethereum. For employers who are still interested (or not fully persuaded by my line of reasoning), I offer some liability minimizing strategies, below.
(Post updated 4/3/2017)
The payroll office – which combines the most sensitive employee information and the ability to cause money transfers – is where the “rubber hits the road” for both cyber security and its close cousin, privacy. Managing security and privacy risk – and interfacing with information security experts – is (and should be) increasingly part of the payroll professional’s job duties. In short: payroll professionals should be a part of the cybersecurity planning process.
Here is the presentation that I recently presented at the annual meeting of the NY Metro Area chapter of the American Payroll Association.
I am pleased to be speaking at the Privacy + Security Forum this week. The agenda is packed with great topics — and it is clear that the employment relationship will be discussed throughout. At the same time, only two sessions deal exclusively with the employment relationship: one discussing on pre- and post-employment background checks (Combating the Insider Threat: Background Screening and Monitoring) and the one I am leading, Privacy and Security in the Employment Relationship. This tells me that the centrality of the employment relationship to the security and privacy realm is not yet fully understood to practitioners.
I am grateful to Professor Solove for the opportunity to share my views on the topic – and I look forward to being joined by my co-presenter, Bret Cohen at Hogan and Lovells!
Update (10/29/16): The Librarian of Congress has exercised his statutory authority to exempt bona fide security researchers from certain copyright requirements, including on consumer-oriented IOT products .
Repost of my original post below.
The Internet of Things (IoT) is undoubtedly going to play a major role in the workplace. Because an employer has a number of critical employee-related interests in securing IoT data, including protecting securing otherwise private employee and business information as well as protecting trade secrets, employment lawyers should be in the conversation with the technology acquisition and development teams as they develop an IoT acquisition policy. Here is how to create such a policy.
View original post 550 more words