Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Workplace Privacy

Subscribe to Workplace Privacy RSS Feed

General Counsel, Is Your Website Vulnerable?

Posted in Cyber and National Security, Technology, Workplace Privacy

A report just released by security startup, Menlo Security, found that one-third of the top one million websites have already been compromised with malware or are running outdated or unpatched software that is vulnerable.

The problem is two-fold:

1. Does your website contain vulnerabilities?
As the report notes, these website vulnerabilities are easily detectable by hackers. In fact, information about the software running on your website (e.g., web servers, content management systems, application frameworks) is readable by any standard browser and can easily be cross-referenced against publically available lists of known vulnerabilities. If you website software is out of date, you are a potential target.

What can you do? Your technical and security teams should have formal processes for scanning your website for new vulnerabilities and making sure that all website software is promptly patched and updated. Simply running the most current version of the software can help eliminate many of the known threats.

If you find that your website has been compromised, have a prepared incident response plan that has been tested so that you can react quickly. Companies that are able to identify and response to security incidents in a quick and comprehensive manner are usually ... Continue Reading

New Guidance for Employers Conducting Background Checks

Posted in Employment, Workplace Privacy

Employers who investigate workers’ criminal or credit backgrounds may want to review federal guidelines released March 10.

The joint publication of the Federal Trade Commission and the Equal Employment Opportunity Commission provides detailed guidance for employers who check into the criminal or credit histories of applicants or employees. “Background Checks: What Employers Need to Know” aims to guide employers in complying with federal laws that prohibit workplace discrimination and regulate commercial background reporting agencies.

Separate laws restricting employers’ ability to request and/or rely on such background checks have also been enacted by many states and cities, including Seattle and San Francisco.

The publication released today offers guidelines for developing policies and practices that avoid improper practices or discriminatory employment decisions. For example, the report advises:... Continue Reading

San Francisco Enacts Employee Privacy Ordinance

Posted in Employment, Workplace Privacy

A new San Francisco ordinance will prohibit employers and city contractors from asking job applicants about their criminal histories until after they conduct a live interview or make a conditional offer of employment. When the ordinance takes effect in August, San Francisco will join the ranks of 10 states and more than 50 cities to restrict employers’ inquiries into applicants’ criminal backgrounds. Check out our advisory on the San Francisco ordinance here.

Last year, Seattle restricted employers’ ability to inquire about applicants’ histories.... Continue Reading

Photos of Sony “Hermione” Cell Phone Lead to Legal Demand

Posted in Workplace Privacy

On the heels of the well-publicized litigation brought by Apple against bloggers who posted information about an upcoming product release on their sites (see reports here and here), another cautionary tale. Sony Eriscsson recently sent a cease and desist letter to the owners of the website Ubergizmo, based in Palo Alto, California, concerning pictures of the “Hermione” mobile phone that were posted on the site.... Continue Reading