The recent Federal Trade Commission (FTC) settlement with Uber for violation of user privacy underscores the need for organizations to take workforce privacy seriously and to implement risk management practices to reduce the implications of privacy harms for both the organization and the individual users. Workforce privacy is a growing consideration for companies as the lines between work-related data and personal data are becoming more blurred: benefits data, compliance data, social media, e-mail and chat, information security, online collaboration tools, web logs. In addition to the tools companies arm their employees with that yield a field of potential problematic data actions, there are the administrative, technical and physical controls that need to be assessed in reducing potential harms that employees may (inadvertently or not) cause for the organization or end-users. Such controls, as highlighted by the FTC’s settlement with Uber, focus on access controls, workforce training and the need to regularly conduct risk assessments of privacy policies, practices, and monitoring. The Office of Civil Rights (OCR) is similarly enforcing the importance of conducting regular risk analyses and implementing risk management plans, as evidenced in the recent Notice of Final Determination against Children’s Medical Center of Dallas. OCR stated that, “although OCR prefers to settle cases and assist entities in implementing corrective action plans, a lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine.” Kuma’s Jenn Behrens (Partner & EVP Privacy) will be discussing the importance of organizational management of the risk of and recent case law analysis of legal implications of workforce privacy at the 47th Annual Conference on Labor Relations and Employment Law for the Virginia Bar Association. Dr. Behrens will join Maya Glaser, Esquire (CapitalOne) on the panel presentation Bring Your Own Device Policy Updates & Navigating Data Privacy Hurdles, moderated by Elizabeth M. Ebanks, Esquire.
Contact Jenn (jenn.behrens@kuma.pro) to find out more about how Kuma can help your organization assess privacy risk and develop a risk management plan to minimize the impact of current risk and reduce the likelihood of accepting new risk into your organization. Find out more about Kuma at www.kuma.pro.