Tannenbaum Helpern Syracuse & Hirschtritt, LLP
About Us Careers Contact Us Search
Home Practice Areas Industries Case Results Attorneys Publications Events Press Room

Cybersecurity and Staffing: Guarding Clients' and Job Candidates’ Information

Does your staffing firm have a written information security program (WISP)? As the threat of cyber-attacks is on the rise, staffing clients, employees and job candidates expect that staffing firms will maintain the privacy and security of their confidential personal information, including Social Security numbers, driver's license and other government-issued identification card numbers, bank account information, and credit and debit card numbers. Staffing firms may possess some or all of these types of sensitive information. A well-designed and well-implemented WISP could lead to better security awareness among staffing firms’ principals and employees, better client relations, and reduce potential legal liability in the event of a data breach.

In addition, if a firm does not already have a WISP, it could be in violation of the law, regardless of the firm’s physical location and size. For example, a Massachusetts regulation titled 201 CMR 17.00 known as “Standards for the Protection of Personal Information of Residents of the Commonwealth”, requires businesses to establish a WISP that provides for the safeguarding of certain personal information of Massachusetts residents. Importantly, as long as the firm possesses protected personal information about a resident of Massachusetts, this regulation will apply even if the firm does not have a physical presence in state. Other states will likely follow Massachusetts’s lead and enact their own statutes or regulations that require WISPs.

Moreover, even if staffing firms are not otherwise bound by law or regulation to do so, their clients may contractually require them to implement a WISP, particularly if the clients operate in industries that have strong data privacy regulations, such as healthcare and financial services.

What is a WISP? It is a document that describes the measures that a firm takes to protect the security and confidentiality of personal and other sensitive information it collects and maintains. To create and follow through on an effective WISP, firms should at the minimum consider the following:

  • identifying reasonably foreseeable internal and external risks to the security, confidentiality and integrity of electronic and paper documents containing personal information;
  • assessing the likelihood and potential damage of these risks;
  • evaluating the sufficiency of your firm’s existing policies, procedures and other safeguards in place to control risks;
  • developing additional security policies relating to the storage, access and transportation of records containing personal information;
  • designating one or more employees to maintain the information security program;
  • preventing terminated employees from accessing records containing personal information;
  • providing for the oversight of service providers; and
  • making modifications to your security policies and procedures as necessary.

For more information on the topic discussed or if you have specific questions on the potential impact of the rules on your overtime policy, please contact:

Joel A. Klarreich | 212-508-6747 | jak@thsh.com |: @staffing_lawyer

Andrew W. Singer | 212-508-6723 | singer@thsh.com |: @employer_lawyer

Stacey A. Usiak | 212-702-3158 | usiak@thsh.com |: @law4employers

Jason B. Klimpl | 212-508-7529 | klimpl@thsh.com |: @HR_Attorney

Michael J. Riela | 212-508-6773 | riela@thsh.com

Employment Notes, a newsletter produced by Tannenbaum Helpern Syracuse & Hirschtritt LLP’s Employment Law Department, provides insights on recent employment caselaw, legislation and other legal developments impacting employer policies, human resource strategies and related best practices. To subscribe to the newsletter, email marketing@thsh.com.

About Tannenbaum Helpern Syracuse & Hirschtritt LLP

Since 1978, Tannenbaum Helpern Syracuse & Hirschtritt LLP has combined a powerful mix of insight, creativity, industry knowledge, senior talent and transaction expertise to successfully guide clients through periods of challenge and opportunity. Our mission is to deliver the highest quality legal services in a practical and efficient manner, bringing to bear the judgment, common sense and expertise of well trained, business minded lawyers. Through our commitment to service and successful results, Tannenbaum Helpern continues to earn the loyalty of our clients and a reputation for excellence. For more information, visit www.thsh.com. Follow us on LinkedIn and Twitter: @THSHLAW.

Business Litigation Bulletin
Employment Notes
Cybersecurity and Staffing: Guarding Clients' and Job Candidates’ Information
Note from the Real Estate Group
THSH E-Alert
Other Publications
Articles By Topic
Cyber & Privacy Alert
New York Law Journal
Attorney Professionalism Forum
Join Our Mailing List
Like us on FaceBook Follow us on Twitter Get LinkedIn with us Pin It! Email Us Print this Page

Sitemap |Terms of Use | Privacy | Attorney Advertising

Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.