Tannenbaum Helpern Syracuse & Hirschtritt, LLP
About Us Careers Contact Us Search
Home Practice Areas Industries Case Results Attorneys Publications Events Press Room

Cybersecurity and Staffing: Guarding Clients' and Job Candidates’ Information

Does your staffing firm have a written information security program (WISP)? As the threat of cyber-attacks is on the rise, staffing clients, employees and job candidates expect that staffing firms will maintain the privacy and security of their confidential personal information, including Social Security numbers, driver's license and other government-issued identification card numbers, bank account information, and credit and debit card numbers. Staffing firms may possess some or all of these types of sensitive information. A well-designed and well-implemented WISP could lead to better security awareness among staffing firms’ principals and employees, better client relations, and reduce potential legal liability in the event of a data breach.

In addition, if a firm does not already have a WISP, it could be in violation of the law, regardless of the firm’s physical location and size. For example, a Massachusetts regulation titled 201 CMR 17.00 known as “Standards for the Protection of Personal Information of Residents of the Commonwealth”, requires businesses to establish a WISP that provides for the safeguarding of certain personal information of Massachusetts residents. Importantly, as long as the firm possesses protected personal information about a resident of Massachusetts, this regulation will apply even if the firm does not have a physical presence in state. Other states will likely follow Massachusetts’s lead and enact their own statutes or regulations that require WISPs.

Moreover, even if staffing firms are not otherwise bound by law or regulation to do so, their clients may contractually require them to implement a WISP, particularly if the clients operate in industries that have strong data privacy regulations, such as healthcare and financial services.

What is a WISP? It is a document that describes the measures that a firm takes to protect the security and confidentiality of personal and other sensitive information it collects and maintains. To create and follow through on an effective WISP, firms should at the minimum consider the following:

  • identifying reasonably foreseeable internal and external risks to the security, confidentiality and integrity of electronic and paper documents containing personal information;
  • assessing the likelihood and potential damage of these risks;
  • evaluating the sufficiency of your firm’s existing policies, procedures and other safeguards in place to control risks;
  • developing additional security policies relating to the storage, access and transportation of records containing personal information;
  • designating one or more employees to maintain the information security program;
  • preventing terminated employees from accessing records containing personal information;
  • providing for the oversight of service providers; and
  • making modifications to your security policies and procedures as necessary.

For more information on the topic discussed or if you have specific questions on the potential impact of the rules on your overtime policy, please contact:

Joel A. Klarreich | 212-508-6747 | jak@thsh.com |: @staffing_lawyer

Andrew W. Singer | 212-508-6723 | singer@thsh.com |: @employer_lawyer

Stacey A. Usiak | 212-702-3158 | usiak@thsh.com |: @law4employers

Jason B. Klimpl | 212-508-7529 | klimpl@thsh.com |: @HR_Attorney

Michael J. Riela | 212-508-6773 | riela@thsh.com

Employment Notes, a newsletter produced by Tannenbaum Helpern Syracuse & Hirschtritt LLP’s Employment Law Department, provides insights on recent employment caselaw, legislation and other legal developments impacting employer policies, human resource strategies and related best practices. To subscribe to the newsletter, email marketing@thsh.com.

About Tannenbaum Helpern Syracuse & Hirschtritt LLP

Since 1978, Tannenbaum Helpern Syracuse & Hirschtritt LLP has combined a powerful mix of insight, creativity, industry knowledge, senior talent and transaction expertise to successfully guide clients through periods of challenge and opportunity. Our mission is to deliver the highest quality legal services in a practical and efficient manner, bringing to bear the judgment, common sense and expertise of well trained, business minded lawyers. Through our commitment to service and successful results, Tannenbaum Helpern continues to earn the loyalty of our clients and a reputation for excellence. For more information, visit www.thsh.com. Follow us on LinkedIn and Twitter: @THSHLAW.

Business Litigation Bulletin
Employment Notes
Healthcare Reform Alert: Obama Administration Suspends Deadline for Distribution of Insurance Exchange Notices to Employees
Healthcare Reform Alert: Obama Administration Sets October 1 Deadline for Employers to Distribute Insurance Exchange Notices
New York City Earned Sick Leave: Practical Steps for Employers
Changes to New York’s Minimum Wage Now Effective
New York City Paid Sick Leave – What Employers Need to Know
NY Rings in the New Year with an Increase in the Minimum Wage
Don’t Flake Out on Inclement Weather Practices
NYC Passes Ban-the-Box Legislation
NLRB Decision on Standard for Joint Employers Impacts the Staffing Industry and its Clients
New York Hospitality Employers Face Host of Wage Payment Changes
Required Annual Distribution of New Jersey Notices
Three Legal Trends Affecting Staffing Firms
Federal Appeals Court Affirms the Importance of Implementing Proper Timekeeping Policies to Guard against Overtime Claims
U.S. Department of Labor Publishes Final FLSA Overtime Rule Affecting the “Exempt” Status
Phantom Equity Plans: A Flexible Alternative to Retain and Motivate Key Employees
New York Employers Brace for New Restrictions on Electronic Wage Payment Methods
Pay Equity Legislation: Compensation Based on Applicants’ Previous Salary a Thing of the Past
Companies Must Account for New Law Protecting Confidential Information
New Overtime Rule Blocked
Cybersecurity and Staffing: Guarding Clients' and Job Candidates’ Information
New USCIS Form I-9 Now Effective
New York State Direct Deposit and Paycard Regulations Invalidated
Complying with the 2017 New York State Minimum Wage and Exempt Salary Thresholds
New York State Workers’ Compensation Board Proposes Rules for New York Paid Family Leave
NYC Bans Salary History Inquiries During the Hiring Process
New Requirements for Engaging Freelance Workers in NYC
Workers’ Compensation Board Releases Revised Rules for NY State Paid Family Leave
Data Security Issues for Staffing Firms After the Equifax Breach
City Expands Sick Time Act to Cover “Safe Time”
Facing the Wave of Recent Sexual Harassment Complaints – Proactive Steps for Employers to Mitigate Risk
Reminder: 2018 New York State Minimum Wage and Exempt Salary Thresholds Increased
New York State and City Anti-Sexual Harassment Legislation Impose Significant New Obligations on Employers
NYC Employers Must Comply With New Laws on Accommodations and Schedule Changes
Update: Employer Obligations under Recently Enacted NYS and NYC Sexual Harassment Prevention Laws
Update: New York State Issues Final Guidance and Materials on Sexual Harassment Prevention Laws
Holiday Party Liability: Keep Your Employees Off The Naughty List
New York Minimum Wage and Exempt Employee Salary Thresholds Set to Increase in 2019
Note from the Real Estate Group
THSH E-Alert
Other Publications
Articles By Topic
Cyber & Privacy Alert
New York Law Journal
Attorney Professionalism Forum
Join Our Mailing List
Like us on FaceBook Follow us on Twitter Get LinkedIn with us Pin It! Email Us Print this Page

Sitemap |Terms of Use | Privacy | Attorney Advertising

Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.