Does your staffing firm have a written information security program (WISP)?
As the threat of cyber-attacks is on the rise, staffing clients, employees
and job candidates expect that staffing firms will maintain the privacy
and security of their confidential personal information, including Social
Security numbers, driver's license and other government-issued identification
card numbers, bank account information, and credit and debit card numbers.
Staffing firms may possess some or all of these types of sensitive information.
A well-designed and well-implemented WISP could lead to better security
awareness among staffing firms’ principals and employees, better
client relations, and reduced potential legal liability in the event of
a data breach.
In addition, if a firm does not already have a WISP, it could be in violation
of the law, regardless of the firm’s physical location and size.
For example, Massachusetts regulation 201 CMR 17.00, titled
“Standards for the Protection of Personal Information of Residents
of the Commonwealth,” requires businesses to establish a WISP that
provides for the safeguarding of certain personal information of Massachusetts
residents. Importantly, as long as the firm possesses protected personal
information about a resident of Massachusetts, this regulation will apply
even if the firm does not have a physical presence in the state. Other states
will likely follow Massachusetts’s lead and enact their own statutes
or regulations that require WISPs.
Moreover, even if staffing firms are not otherwise bound by law or regulation
to do so, their clients may contractually require them to implement a
WISP, particularly if the clients operate in industries that have strong
data privacy regulations, such as healthcare and financial services.
What is a WISP? It is a document that describes the measures that a firm
takes to protect the security and confidentiality of personal and other
sensitive information it collects and maintains. To create and follow
through on an effective WISP, firms should at a minimum consider the
- identifying reasonably foreseeable internal and external risks to the security,
confidentiality and integrity of electronic and paper documents containing
- assessing the likelihood and potential damage of these risks;
- evaluating the sufficiency of your firm’s existing policies, procedures
and other safeguards in place to control risks;
- developing additional security policies relating to the storage, access
and transportation of records containing personal information;
- designating one or more employees to maintain the information security program;
- preventing terminated employees from accessing records containing personal
- providing for the oversight of service providers; and
- making modifications to your security policies and procedures as necessary.
For more information on the topic discussed or if you have specific questions
on the potential impact of the rules on your overtime policy, please contact:
Joel A. Klarreich | 212-508-6747 | email@example.com | @staffing_lawyer
Andrew W. Singer | 212-508-6723 | firstname.lastname@example.org | @employer_lawyer
Stacey A. Usiak | 212-702-3158 | email@example.com | @law4employers
Jason B. Klimpl | 212-508-7529 | firstname.lastname@example.org | @HR_Attorney
Michael J. Riela | 212-508-6773
Employment Notes, a newsletter produced by Tannenbaum Helpern Syracuse & Hirschtritt
LLP’s Employment Law Department, provides insights on recent employment
caselaw, legislation and other legal developments impacting employer policies,
human resource strategies and related best practices. To subscribe to
the newsletter, email
About Tannenbaum Helpern Syracuse & Hirschtritt LLP
Since 1978, Tannenbaum Helpern Syracuse & Hirschtritt LLP has combined
a powerful mix of insight, creativity, industry knowledge, senior talent
and transaction expertise to successfully guide clients through periods
of challenge and opportunity. Our mission is to deliver the highest quality
legal services in a practical and efficient manner, bringing to bear the
judgment, common sense and expertise of well-trained, business-minded
lawyers. Through our commitment to service and successful results, Tannenbaum
Helpern continues to earn the loyalty of our clients and a reputation
for excellence. For more information, visit www.thsh.com. Follow us on
LinkedIn and Twitter: @THSHLAW.