With the data
breach at Equifax, and the fact that, as employers, we maintain a lot of
confidential employee information – such as social security numbers, addresses,
age, date of birth and dependent information – what is our obligation to
keeping that information safe?
Whether your company owns, licenses or merely maintains
personal information about your employee (such as name, address, date of birth,
SSN, driver’s license number, bank account information, etc.), nearly every
state has requirements on when and how affected individuals must be notified of
a breach, and many states also require notification be made to state attorneys
general, consumer protection agencies, national credit bureaus, and perhaps
even the media. Employers who suspect personal information about
employees may have been compromised should immediately contact legal counsel.
It’s also important to note that if you outsource payroll and
benefits to a third party such as a PEO or a company like Paychex, their
obligation is to notify you, not necessarily your employees, in the event of a
data breach. In such cases, you should
also contact legal counsel to assess your obligations.