I’m not sure if’n this is the right forum, if it isn’t, I’m sure Unca-bunca-burnin’ Beer will put it in its right place.
A friend of mine is a member of a health insurance plan at his work. The company sent out new information concerning changes to the plan. Inadvertantly (apparently) they also sent out to thousands of employees his children’s names, ages, social security numbers and other personal data. He doesn’t wish to make too many waves yet, but the company has taken a “It’s no big deal. There’s no harm done. Why are you worrying, we’ll fix it sooner or later” attitude.
He’s in New Jersey. He doesn’t want to hire a lawyer yet and escalate the situation. He also is scared about having that kind of information out there with the company’s non-chalent attitude.
What should his first step be? What law protects him? What is he entitled to in rectifying the situation? What is the company’s responsibility?
Any specific law which he could look up on his own and use in discussions with management would be helpful. Any advise is welcomed too.
I know, and he now knows, that no major action other than speaking with his supervisor should be taken without consulting a lawyer. BTW, what kind of lawyer should he speak to about this situation?
I guess that’s enough for you guys to ponder for now.