Recently, a California state appellate court in Cutler v. Dike, No. B210624, 2010 WL 3341663 (Cal. Ct. App. Aug. 26, 2010), upheld a jury finding that an employer illegally fired an employee because he objected to the manner in which his employer maintained its confidential patient information. This decision, along with a similar New Jersey federal court decision (Zungoli v. U.P.S., No. 07-2194, 2009 WL 1085440 [D.N.J. Apr. 22, 2009]), should reinforce for employers the need to take all employee complaints of data security seriously and to avoid taking any retaliatory action against employees who voice these complaints.
Many states statutorily prohibit private sector employers from retaliating against employees who report, or refuse to participate in, employer violations of federal or state laws or regulations. Among these federal and state laws and regulations are laws requiring employers to safeguard employee, consumer, and patient information. For example, New York employers are required to develop and utilize safeguards to protect against the unauthorized access of social security numbers, while California employers are required to implement and maintain security procedures and practices that protect against unauthorized access, disclosure, and use of personal information. Federal Health Insurance Portability and Accountability Act (HIPAA) laws and regulations require covered employers to ensure the confidentiality, integrity, and availability of all electronically protected health information the employer creates, receives, maintains, or transmits, including protecting against any reasonably anticipated threats or hazards to the security or integrity of such information.
Please see full publication below for more information.