The payroll office – which combines the most sensitive employee information and the ability to cause money transfers – is where the “rubber hits the road” for both cyber security and its close cousin, privacy. Managing security and privacy risk – and interfacing with information security experts – is (and should be) increasingly part of the payroll professional’s job duties. In short: payroll professionals should be a part of the cybersecurity planning process.
Here is the presentation I recently gave at the annual meeting of the NY Metro Area chapter of the American Payroll Association.
Update (10/29/16): Here is the slide deck Bret and I presented.
I am pleased to be speaking at the Privacy + Security Forum this week. The agenda is packed with great topics, and it is clear that the employment relationship will be discussed throughout. At the same time, only two sessions deal exclusively with the employment relationship: one discussing pre- and post-employment background checks (Combating the Insider Threat: Background Screening and Monitoring) and the one I am leading, Privacy and Security in the Employment Relationship. This tells me that the centrality of the employment relationship to the security and privacy realm is not yet fully understood by practitioners.
I am grateful to Professor Solove for the opportunity to share my views on the topic – and I look forward to being joined by my co-presenter, Bret Cohen at Hogan and Lovells!
Executives are highly targeted for social engineering and other efforts to gain access to their information. Whether the data is from the recent Yahoo breach (or any other breach), there is an active market for information, including information about your employees and executives. This information can be used to access accounts, build a spear-phishing profile, gather intelligence on executives or simply embarrass them. Some thoughts:
Continue reading “Large-Scale Data Breaches and Executives”
The new EU GDPR will be a game changer for a number of multinational employers. Here are a few practice pointers for US-based enterprises with European HR data:
Continue reading “The EU GDPR for US Employers: Practice Tips”
I’ve argued in detail in this blog (here and here) that management-side employment lawyers must get deep under the hood of expert systems designed to perform evaluative functions on candidates and employees (such as expert HR systems). At each step of development — arguably from the earliest design phase — lawyers must be equipped to understand the potential bias that might creep into algorithmic decision-making and help design systems that are as bias-free as possible.
Here are two important articles for readers on the subject (and why they are relevant):
Continue reading “‘Unpacking the Complexities’ of Algorithmic Bias”
This blog has advocated for the use of two-factor authentication. Recently, however, it was revealed that several high-profile social media accounts were hacked despite using two-factor authentication.
Update: See Wired’s new piece on the subject: So Hey You Should Stop Using Texts for Two-Factor Authentication
Update: See the Joint investigation of Ashley Madison by the Privacy Commissioner of Canada and the Australian Privacy Commissioner at Paragraph 72, arguing that multiple iterations of the same factor are not multi-factor.
Continue reading “Attacks Against Verification-Code-to-Cell Two-Factor Authentication”