Practical Privacy Series: Human Resources

New York, NY

June 17, 2008

On Tuesday June 17, 2008 privacy professionals gathered in New York, NY for an intensive day-long workshop focusing on privacy in the workplace.

View Brochure

Session 1: Sex Offenders, Terrorists, And Video Resumes: How Far Can You Go To Get Information About Prospective, Current, And Former Employees?
Philip Gordon, Esq., Underwriter, Littler Mendelson, P.C.

With ready access to sensitive personal information, employers are under increasing scrutiny to maintain a workforce that is beyond reproach.  Social networking sites, blogs and other resources offer a wealth of information on candidates and employees. How deeply should employers tap these new information sources?  This presentation will help frame the debate for your own organization.

Presentation (PDF 1,433KB)

Session 2: Its 10:00 AM:  Do You Know Where Your Employees Are And What They Are Doing?
Gary Clayton, CIPP, CEO, Privacy Compliance Group

New technology offers employers ever more sophisticated tools to keep tabs on their employees, but to what extent does this monitoring expose them to liability? This session examines the evolving U.S. law on these issues and discusses the challenges for global employers confronting data protection regimes modeled on the EU Data Protection Directive.
Session 3: HIPAA, FMLA, ADA, CMIA:  How To Handle Employee Health Information And Drug And Alcohol Testing In Compliance With The Alphabet Soup Of State And Federal Confidentiality Requirements
Nancy Delogu, Esq., Littler Mendelson, P.C.

Managing employees' health is a critical business imperative. Employers confront a maze of laws and regulations governing the confidentiality of employee health information, and dire consequences for mishandling such information. This session addresses questions on collecting, using, storing, documenting and disclosing employee health information, among other concerns.

Presentation (PDF 1,055KB)

Session 4: HR Privacy Risk Assessments: Lessons Learned, Leading Practices, Changing Risks and New Opportunities
Lydia Payne-Johnson, CIPP, Financial Services Privacy Consultant,  PricewaterhouseCoopers, LLP
Peter Rabinowitz, Privacy, Governance & Risk Compliance Consultant, PricewaterhouseCoopers, LLP

Safeguarding HR information often iplays second fiddle to seemingly more imperitive privacy data, such as patient or customer information. Yet it can be among the most sensitive at an organization.  This presentation highlights key lessons learned from HR privacy risk assessments across industries, and from helping organizations remediate weaknesses in their control environments.

Presentation (PDF 212KB)

Session 5: What to Do When an HR Security Breach Inevitably Occurs
Rick Dakin, President and Founder, Coalfire Systems
Brian O'Connor, CIPP, Chief Security & Privacy Officer, Eastman Kodak Company

A security breach involving human resources data is high-stakes for organizations. This presentation focuses on the most common causes of HR security breaches and explains from the trenches how to respond in compliance with applicable notice laws, and without a disgruntled workforce when the dust clears.

This session looks into the logistics of operationalizing a response program and handling specific recurring incidents.

Presentation 1 (PDF 891KB) Presentation 2 (PDF 112KB)