The payroll office – which combines the most sensitive employee information and the ability to cause money transfers – is where the “rubber hits the road” for both cybersecurity and its close cousin, privacy. Managing security and privacy risk – and interfacing with information security experts – is (and should be) increasingly part of the payroll professional’s job duties. In short: payroll professionals should be a part of the cybersecurity planning process.
Here is the presentation that I recently gave at the annual meeting of the NY Metro Area chapter of the American Payroll Association.
I am pleased to be speaking at the Privacy + Security Forum this week. The agenda is packed with great topics — and it is clear that the employment relationship will be discussed throughout. At the same time, only two sessions deal exclusively with the employment relationship: one discussing pre- and post-employment background checks (Combating the Insider Threat: Background Screening and Monitoring) and the one I am leading, Privacy and Security in the Employment Relationship. This tells me that the centrality of the employment relationship to the security and privacy realm is not yet fully understood by practitioners.
I am grateful to Professor Solove for the opportunity to share my views on the topic – and I look forward to being joined by my co-presenter, Bret Cohen at Hogan and Lovells!
Update (10/29/16): The Librarian of Congress has exercised his statutory authority to exempt bona fide security researchers from certain copyright requirements, including on consumer-oriented IoT products.
Repost of my original post below.
The Internet of Things (IoT) is undoubtedly going to play a major role in the workplace. Because an employer has a number of critical employee-related interests in securing IoT data, including protecting otherwise private employee and business information as well as protecting trade secrets, employment lawyers should be in the conversation with the technology acquisition and development teams as they develop an IoT acquisition policy. Here is how to create such a policy.
Executives are highly targeted for social engineering and other efforts to gain access to their information. Whether the data is from the recent Yahoo breach (or any other breach), there is an active market for information, including information from your employees and executives. This information can be used to access accounts, build a spear-phishing profile, gather intelligence on execs or simply embarrass them. Some thoughts:
The new EU GDPR will be a game changer for a number of multinational employers. Here are a few practice pointers for US-based enterprises with European HR data:
I’ve argued in detail in this blog (here and here) that management-side employment lawyers must get deep under the hood of expert systems designed to perform evaluative functions on candidates and employees (such as expert HR systems). At each step of development — arguably from the earliest design phase — lawyers must be equipped to understand the potential bias that might creep into algorithmic decision-making and help design systems that are as bias-free as possible.
Here are two important articles for readers on the subject (and why they are relevant):