You Can’t Just WISPer – Employers Must Publish or Display Security Policies

Michael-LaVelleWISP is the acronym for Written Information Security Policy.  The information at issue is an individual’s personal information and identifiers, such as a Social Security number, driver’s license number, credit or debit card or bank account number, or passport number.

Given the problem of identity theft, and the recent news headlines of massive hacking of personnel records of present and former government employees, Connecticut employers should remember that they possess sensitive personal information of their employees, simply by virtue of obtaining a W-4 form with Social Security number at the time of hire, and often a bank account number for direct deposit.   Under Connecticut statutes, employers have a legal duty to  protect  this information, and to safeguard the computer files and documents which contain such information.

In particular, General Statute section 42-471 requires businesses which collect Social Security numbers to create a privacy protection policy which will protect the confidentiality of Social Security numbers, limit access and prohibit unlawful disclosure; in short, to have a  WISP.   Moreover,  employers  must publish or publicly display the WISP, such as in a policy statement or employee handbook.  The statute specifically allows for publication of the WISP by posting on an Internet web page.

Of course, a policy cannot just be created and published, it must also be enforced.  But compliance with the statutory requirement to publish or display the WISP is the first step, and provides the basis for training and supervision to ensure that the policy is carried out.

Posted in Privacy

This blog/web site presents general information only. The information you obtain at this site is not, nor is it intended to be, legal advice, and you should not consider or rely on it as such. You should consult an attorney for individual advice regarding your own situation. This website is not an offer to represent you. You should not act, or refrain from acting, based upon any information at this website. Neither our presentation of such information nor your receipt of it creates nor will create an attorney-client relationship with any reader of this blog. Any links from another site to the blog are beyond the control of Pullman & Comley, LLC and do not convey their approval, support or any relationship to any site or organization. Any description of a result obtained for a client in the past is not intended to be, and is not, a guarantee or promise the firm can or will achieve a similar outcome.

Subscribe to Updates

About Our Labor, Employment and Employee Benefits Law Blog

Alerts, commentary, and insights from the attorneys of Pullman & Comley’s Labor, Employment Law and Employee Benefits practice on such workplace topics as labor and employment law, counseling and training, litigation, union issues, as well as employee benefits and ERISA matters.

Other Blogs by Pullman & Comley

Connecticut Health Law Blog

Education Law Notes

For What It May Be Worth

Recent Posts


Jump to Page