Access Exclusive, Trusted HR News & Resources >>> New Professional Members Save $20 Today
Sustainable design practices lead to happy employees—and healthy businesses.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Set yourself up for success with virtual SHRM-CP/SHRM-SCP Certification Prep Seminars.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
In early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of its employees had been sent that day to an unauthorized third party as a result of an email scam. The information was sent by an employee who believed a spear-phishing email was a legitimate request for W-2 forms.
In light of the IRS warning, together with the Virginia Wesleyan College phishing scam, on March 13, Virginia Governor Terry McAuliffe approved a first of its kind amendment to Virginia's data breach notification statute.
The new amendment requires employers and payroll service providers to notify the Virginia Office of the Attorney General of "unauthorized access and acquisition of unencrypted computerized data containing a taxpayer identification number in combination with the income tax withheld for an individual."
Notably, notice is required even if the breach does not otherwise trigger the statute's requirement to notify affected residents of a breach.
Notice to the Office of the Attorney General of a breach of computerized employee payroll data must include the affected employer or payroll service provider's name and federal employer identification number. Following receipt of notice, the Office of the Attorney General is then required to notify Virginia's Department of Taxation of the breach.
This amendment to the Virginia statute becomes effective July 1, and in light of the growing concern for W-2 phishing scams it would not be surprising if other states follow suit.
Employers should advise their staff to exercise caution when responding to requests for W-2 forms and confirm verbally that the request is valid.
Jason C. Gavejian is an attorney with Jackson Lewis in Morristown, N.J. © Jackson Lewis. All rights reserved. Reposted with permission.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Choose from dozens of free webcasts on the most timely HR topics.
SHRM’s HR Vendor Directory contains over 3,200 companies