Saturday, July 19, 2008

Legislating an Employee Data Protection Policy - an Idea for Indiana

I vote yes, it would. With only two states doing this - so far - I cannot see Indiana being an early adopter (but then when do we adopt something early?)

Take a look at the following from Connecticut Becomes Only the Second State to Mandate an Employee Data Protection Policy:

Employers Must Create and Post a Social Security Number Policy. The Act requires the creation of a "privacy protection policy" by any entity that collects SSNs in the course of its business. The Act does not limit this requirement to the collection of SSNs from any particular category of individuals, such as customers, patients, or insureds. The Act, therefore, necessarily encompasses the collection of SSNs from employees. Consequently, the Act requires employers to promulgate a policy that, at a minimum, (1) protects the confidentiality of SSNs; (2) prohibits unlawful disclosure of SSNs; and (3) limits access to SSNs.

***

Enforcement by Agencies. For persons holding a license, registration or certification issued by agencies other than the Department of Consumer Protection, only the licensing agency will enforce the Act. For all other businesses, the Department of Consumer Protection will enforce the Act. While the Act does not authorize a private right of action for violations, the Act's requirements arguably establish a standard of care that could be used to support a negligence lawsuit against an employer who fails to adequately safeguard personal information.

Fines Imposed, but Not for Unintentional Violations. Significantly, the Act specifically excludes unintentional violations from its purview. Intentional violations, however, can result in a civil penalty of $500 per violation, not to exceed $5,000 per single event. Although the Act requires the depositing of any fine into a specific Privacy Protection Guaranty and Enforcement Account, the bill proposing the creation of such an account did not pass into law. Such fines, therefore, likely will be deposited into the General Fund.

Thanks to the Workplace Privacy Counsel blog for this one.