employee census data mishap

[Guest Jon G.]

I represent a client whose 3rd party recordkeeper mailed a disk with census date (including SSNs) to the wrong Company. The disk was returned promplty and the client currently has the information. Does the employer have a duty to disclose this mishap to participants? If anyone has had a similar situation or any insight into the matter please let me know what you think. Thanks.

[Guest WantsToLearn]

I think yes. Imagine the fallout if the client finds out later, it would make the recordkeeper look really bad, and dishonest. The client may wonder, what else is being hidden.

Tell the client, and explain that the data was returned immediately

[Guest Pensions in Paradise]

First, was the disk password protected? If no, then you need to question the recordkeeper why they are sending confidential data through the mail.

As far as notifying participants, I think it would create more harm than good. Think about who the disk was accidently sent to. It was either the HR person at the other company or a company officer. So more than likely that other person is trustworthy. Its not like it was sent to a random person. The fact that the other person sent the data back immediately is a good sign they are trustworthy.

If you tell the employees it will just make them worry.

Now with all of that said, you should check your state privacy laws. Our state just passed a law which requires employers to disclose this type of incident to affected employees!!