Not a Member? Get access to HR news and resources that you can trust.
HR professionals share their advice for minimizing worker stress and boosting retention.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Virtual SHRM-CP/SHRM-SCP Certification Prep Seminars kick off September 12 and fill up fast!
Expand your influence and learn how to become an effective leader. Join us in Phoenix, AZ | OCTOBER 2 - 4, 2017
In early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of its employees had been sent that day to an unauthorized third party as a result of an email scam. The information was sent by an employee who believed a spear-phishing email was a legitimate request for W-2 forms.
In light of the IRS warning, together with the Virginia Wesleyan College phishing scam, on March 13, Virginia Governor Terry McAuliffe approved a first of its kind amendment to Virginia's data breach notification statute.
The new amendment requires employers and payroll service providers to notify the Virginia Office of the Attorney General of "unauthorized access and acquisition of unencrypted computerized data containing a taxpayer identification number in combination with the income tax withheld for an individual."
Notably, notice is required even if the breach does not otherwise trigger the statute's requirement to notify affected residents of a breach.
Notice to the Office of the Attorney General of a breach of computerized employee payroll data must include the affected employer or payroll service provider's name and federal employer identification number. Following receipt of notice, the Office of the Attorney General is then required to notify Virginia's Department of Taxation of the breach.
This amendment to the Virginia statute becomes effective July 1, and in light of the growing concern for W-2 phishing scams it would not be surprising if other states follow suit.
Employers should advise their staff to exercise caution when responding to requests for W-2 forms and confirm verbally that the request is valid.
Jason C. Gavejian is an attorney with Jackson Lewis in Morristown, N.J. © Jackson Lewis. All rights reserved. Reposted with permission.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 3,200 companies
[/_catalogs/masterpage/SHRMCore/Main.master][Title][SHRM Online - Society for Human Resource Management]