While Cyber Space Rules, Does It Also Make Us Liable?

Contributed by Julie Proscia

In a world where cyber space rules, employers need to ensure that their customer, business and client information is protected. While our cyber tech attorneys and IT professionals handle the tech-y details of the network configuration, on the labor & employment front, we also need to ensure that we have policies and procedures in place to govern our employees’ behavior, reduce liability, and increase accountability.

In today’s universe, work is rarely conducted 100% of the time in the office behind a desk. Our employees and our information are on the go: cell phones, laptops, iPads, etc. Although this increased accessibility may be productive and conducive to client needs, it also leaves our confidential information vulnerable.  In order to ensure that our employees are protecting our confidential information in a portable world, employers need to set policies and procedures to govern electronic information.

Does this scenario sound familiar?  Jane Doe employee has access to her email and her work product on her phone and iPad. She runs into the store for 10 minutes after work to grab her dry cleaning. In that quick 10 minutes, someone snags her briefcase which contains both her phone and iPad. Neither devices are password protected or locked.  Although she calls the police that evening, she does not inform you until the following day when she gets to work. At this point, the thief has had easy access to all of your data and confidential information for about 16 hours. Not a good scenario.

Cloud Computer, Tablet, Phone

Every employer who has any confidential information that is remotely accessible needs to have policies in place relating to electronic communications. Most already have general policies in their Employee Handbooks relating to expectations of privacy and ownership of information.  However, these policies need to go a step further and should also address the protections needed for electronic devices. Specifically, employers need to have policies that regulate who should and can have access to email and confidential information. These policies should also require that password locks be placed on all electronic devices if any confidential information can be accessed (this includes email). Moreover, employees should be required to immediately notify their employer if an electronic device is lost or stolen so the company can lock and remotely wipe the data. Employees should also be advised in the policy that the failure to safeguard the devices or promptly notify the company may result in disciplinary action up to and including termination.

We definitely cannot turn back the clock.  The work day is 24/7, and in all corners of the Earth.  However, we can minimize our exposure by implementing both tech related firewalls and access, as well as employment related policies and procedures. In an age where digital theft and data breaches are splashing headlines every day, ie. Target, Jennifer Lawrence etc., not taking these simple steps is silly if not reckless.