11. Data Protection/ID Theft/Hacking
Anthem. Sony. Target. Starbucks. Banks/Credit Card issuers. And more. I anticipate that cyber security breaches will be more extensive in 2015 as more sophisticated hackers continue doing what they do. Employers need to take the threat of cyber breaches seriously, and be prepared to deal with a breach should one occur. Although not a requirement or a mandate, the National Institute of Standards and Technology issued its “Framework for Improving Critical Infrastructure Cyber Security” in February 2014. The standards are a good place to start in determining potential risks and strategies in dealing with those risks. If your business (banking, medical, etc.) is one that is regulated concerning data protection and cyber security risks, educate yourself to be in compliance with the regulations. If you do business in different states, educate yourself as to the requirements in each of those states. Obtain regular reports from your IT department, chief information officer or security personnel to evaluate the protections in place and determine if any breaches have occurred. A growing trend in the insurance industry is cyber insurance. Cyber insurance is available through many companies, and should be investigated as part of your overall insurance needs. Finally, as with any other employment issue, employees should be trained on a regular basis as to the risks of cyber security breaches/identify theft and trained on how to minimize the risks.
One of the most recent and perhaps most infamous data breaches concerned Sony Pictures Entertainment arising from their movie, The Interview. This fiasco teaches a number of lessons:
Nothing is private, including e-mails marked Private and Confidential. In the past, I have often talked about individuals sending e-mails or posting comments on social media sites believing they were private. On occasion, the e-mail sender would hit reply all by mistake, or the social media poster would post on a public page. Sony Pictures reminds us that e-mails that are sent correctly can still be discovered and made public.
Although Alabama does not have any law specific to data breaches, many states do. Various state laws require the immediate notification to those who may be impacted, and the offering of credit monitoring.
All employers no matter size, location or industry can be subject to cyber attacks and data breaches.
Employers will be sued even if they are the victim of a criminal cyber attack or international terrorism. Sony has had at least 3 federal class action lawsuits filed against them in California as a result of their recent hack.
Employers need to implement data precautions. These precautions are dependent upon each individual employer, and should be implemented by security experts.
Cyber security/data breach laws are changing constantly. These changes must be monitored on a regular basis in order for the employer to determine what must be done to comply with state and federal laws and regulations.
As with any emergency scenario, employers should consider cyber breach and identity theft scenarios in their emergency and crisis planning.
12. Technology in the Workplace
Smart phones can help or hurt employers. A recent survey by the University of Southern California’s Marshall School of Business inquired into thoughts on smart phone usage during meetings. Among the findings:
86% believe it is inappropriate to answer phone calls during formal meetings.
84% believe it is inappropriate to write texts or e-mails during formal meetings.
75% believe it is inappropriate to read texts or e-mails during formal meetings.
66% believe it is inappropriate to write texts or e-mails during any meetings.
22% believe it is inappropriate to use phones during any meetings.
What struck me about this survey was how the age of the participants impacted the responses. Biennials responded that they were 3 times less likely to think it was inappropriate to check text messages and e-mails in informal meetings. I believe that age differences would also impact many of the uses of smart phones in the employment context. As such, questions arise whether or not policies, or the inconsistent enforcement of policies, could lead to age discrimination lawsuits.
Voice-mail is becoming obsolete. Recently, Coca-Cola’s Atlanta headquarters shut down its voice-mail “to simplify the way we work and increase productivity.” The new standard outgoing message now advises callers to try later or to use “an alternative method” to contact the person they are calling. According to BloombergBusiness, younger employees are side stepping telephone and desk top computers, and using their smart phones to send texts or messages to otherwise communicate with others. Although Coca-Cola gave its employees an option to keep voice-mail if they claimed “a critical business need”, only 6% of workers opted to retain it. I expect, sometime in the not too distant future, that many employers will cut the cord to land lines completely, and just use smart phones.
Wearable technology continues to have an impact in the workplace. It can be positive or it can be negative. Many experts believe that wearable technology will allow for the automation of the work force, providing employees specific, relevant information where they need it which allows them to be more efficient in their work. Unfortunately, wearable technology can also create problems in the workplace. Trade secrets can easily be photographed or videotaped. Employees may be distracted from their jobs if using the wearable technology for personal use. Time will tell just how successful wearable technology will be in the workplace.