By Jennifer Archie and Alex Stout

Tax-related identity theft is nothing new, but tax season 2016 took tax schemes to a new level.

Last year, our cyber experts advised a large cluster of clients (public and private companies) over a period of only two weeks, following a nationwide explosion of deviously simple attacks—mostly targeted at mid-size companies—that followed the same fact pattern:  the Director of Human Resources or Chief Financial Officer received an email appearing to come from a senior executive (normally the CEO) asking for copies of all of the company’s W-2 tax forms; the recipient was fooled by the email and sent the requested records to the attacker; and hours or days later, the company came to the sickening realization that hundreds, if not thousands, of personnel records were compromised. Even worse, the stolen information was rapidly exploited in fraudulent tax return filings, diverting expected tax refunds to the scammers, and saddling often the most senior (highly compensated) company employees with a huge headache of sorting out their personal finances and tax return status with the IRS.

These tax refund thefts attacks are highly automated, quick, easy, and inexpensive to initiate, and last year fraudsters blanketed businesses with record volumes of attacks. As simple as the attacks are, it can be a difficult and painful process to protect your employees in the aftermath.

By Omar Elsayed

Although some surveys of privacy law suggest otherwise, privacy requirements do in fact exist in the Kingdom of Saudi Arabia (KSA)and are very relevant to companies operating there or seeking to provide services to customers in KSA.

Background

The paramount body of law in KSA is the Sharīʿah. The Sharīʿah is comprised of a collection of fundamental principles derived from a number of different sources, which include the Holy Qu’ran and the Sunnah, which are

By Linda Inscoe and Joseph Farrell

On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs and podcasts. Governor Edmund G. “Jerry” Brown signed Assembly Bill 1844 (AB 1844) and Senate Bill 1349 (SB 1349), increasing privacy

Spokeo Consent Decree Serves as Important Caution to Buyers and Sellers of Social Media Reports on Consumers to Understand and Comply with FCRA

By Jennifer Archie, Kevin Boyle and Kelsey McPherson

As part of a settlement announced Monday, the FTC sends a reminder that the requirements of the Fair Credit Reporting Act (“FCRA”) apply to a service that aggregates data made publicly available on social media sites and then markets the data to businesses for use in hiring decisions. Web

Many employers have adopted policies establishing guidelines for responsible blogging and use by employees of social networking media sites such as Facebook, MySpace, Twitter and YouTube.  These policies typically require that employees make clear that they are not speaking on behalf of their employer, unless specifically authorized to do so; comply with company policies regarding nondisclosure of confidential business information, discrimination, and harassment; and be respectful in their comments about co-workers and customers.  Companies commonly reserve the right to discipline

Thumbnail image for iStock_000005643842XSmall.jpgGoogle has consented to the entry of a proposed Agreement Containing Consent Order with the US Federal Trade Commission, subjecting the company to sweeping government oversight of its privacy disclosure and product development and release practices, nominally arising out of the roll-out of its Buzz product in February 2010. The auditing and reporting requirements are staggering in scope, breadth and duration, reaching Google’s entire business, not merely online communication products such as Gmail. One interpretation of the (rather amazing) document

On 5 November 2010, the German Second Chamber (Bundesrat) commented on the Government’s draft for the new HR Privacy Bill. The Government introduced the bill in August in order to create specific rules for the collection and processing of HR data before, during and after an employment relationship. The Bill includes prohibits the use of social networks for research on candidates and sets out specific rules for different types of employee monitoring. The Bundesrat demands from the

Illinois recently enacted the Employee Credit Privacy Act (“ECPA” or the “Act”), which prohibits employers from recruiting and hiring applicants based on such individuals’ credit histories or credit reports. The Act, which was adopted on August 11, 2010 and will take effect on January 1, 2011, generally prohibits employers from inquiring about an applicant’s or employee’s credit history or ordering or obtaining an applicant’s or employee’s credit report from a consumer reporting agency. The Act also prohibits an employer from