As we welcome in the new year, and put the effects of the economic downturn behind us, we should not forget the myriad changes in laws impacting the workforce which took effect in 2010. Three in particular changed an employer’s practices in obtaining, maintaining and using personnel records and information:

1. All employers, regardless of size, were required to have by March 1, 2010, a Written Information Security Plan (WISP) addressing how personal information is to be kept, accessed and transmitted (including encryption requirements). Personal Information protected by this law is a Massachusetts resident’s first and last name (or first initial and last name) together with that individual’s social security number, bank account number, credit card number or other financial account number. For all employers, payroll, health insurance and retirement plan information (including beneficiary information) fall under the data security laws. In preparing a WISP, employers must consider hard copies of documents, e-mails and information in portable devices, such as back-up disks, PDAs, and smart phones. Failure to comply with the new Data Security laws carries potential penalties of treble damages under the consumer protection laws in the event of identity theft or a breach of data security.

2. Employers with 20 or more employees are required to notify employees when adding negative information to personnel records. Effective August 1, 2010, employers must provide to an employee a copy of any information that may negatively impact that employee’s employment, including potentially leading to disciplinary action, within 10 days of placing such information in the personnel file. The definition of “personnel records” is very broad and could be read to encompass e-mails and text messages commenting on a subordinate’s performance. Although employees cannot sue employers directly for violations of this statute, the Attorney General may fine the employer between $500 to $2,500 for each violation. Additionally, an employer may not be able to use negative information to support termination of an employee if the employer has not complied with this notice requirement. Employers with fewer than 20 employees are not required to maintain a personnel record for its employees, but should consider timely documentation and communication of performance issues to allow for smoother and less risky employment terminations.

3. The Massachusetts Criminal Offender Records Information (CORI) law underwent some substantial changes. A key change in the law for most employers is that employers may no longer request any criminal record information on “initial” job applications. As of November 4, 2010, employers can no longer include such inquires in “initial” job applications and must refrain from asking any applicant to provide a copy of his/her criminal record. Although it is not clear what constitutes “initial” job applications, they at least include the very first applications and “screening” applications that applicants complete. It appears that a request for criminal record history of certain convictions, including for felonies, may be requested after an initial job application, for example after the completion of an initial job application and after an initial screening interview. The law still limits the type of criminal records information that can be used in making any decision to hire an employee.

Other employment law changes occurred in 2010 and many state and federal agencies have hired additional staff to enforce new laws as well as compliance with old laws. So, before you ring out the old year, make sure you are in compliance with changes and existing law so you can confidently ring in the new year.