[BreachExchange] Are you overlooking this major legal risk?

[Audrey McNeil]

http://www.hrmonline.co.nz/news/are-you-overlooking-this-
major-legal-risk-243565.aspx

A leading employment lawyer has warned HR professionals about the risk of
workplace privacy breaches, saying many departments don’t realise that the
potential repercussions are steadily increasing.

“I’m telling all of my clients that they need to ensure they have people in
the organisation who are really sound on privacy because a lot of employers
are underestimating the risk,” says Hamish Kynaston, a partner with Buddle
Findlay.

“A lot of employers aren’t aware of the increased risk or the technical
requirements that apply and I think people are getting into difficulty as a
result.”

According to Kynaston, there’s a growing trend of employees pursuing
privacy issues through the Privacy Commission and the Human Rights Review
tribunal because both organisations have shown a commitment to providing
meaningful remedies for employees.

“The damages and compensation awards are on the increase and are tending to
be higher than the employee might otherwise secure through the traditional
employment dispute resolution processes,” says Kynaston.

It’s for this reason that Kynaston says HR professionals must ensure
they’re meeting traditional employer obligations to protect employee
privacy but also the statutory obligations under the Privacy Act, which
apply to the collection, storage, use, and disclosure of and access to
information.

“Having good technology in place is the minimum, then really it’s about
having a good culture around privacy in the workplace, providing regular
training and having good policies and systems in place to ensure that
sensitive information that employers hold about employees is protected and
handled appropriately.”

If an employer had breached employee privacy – whether that means attaching
information to the wrong email or even granting public access to private
information – Kynaston says employers should always react with honesty.

“Employers, if there has been a breach, will usually ask what they need to
do in these circumstances and the answer is to be up front with the
employee and to apologise early,” Kynaston tells HRD. “Then, of course,
it’s about taking steps to prevent any further breach.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171113/f1108fe3/attachment.html>