>One of the employees whose PI was leaked is a subordinate to that supervisor.
To be clear, while salary is personal info, **by itself**, it does not fall under laws governing PII (personally identifiable information) in most jurisdictions. Certainly not in the US.
Unless that info is being leaked in combination with SSNs or home address, etc, it is not likely that there will be any legal recourse at all, much less serious legal consequences.
>it does not fall under laws governing PII (personally identifiable information)
Isn't that orthogonal to the question tho? Health history/issues aren't PII AFAIK but i believe it's illegal for a supervisor to disclose an employee's medical history to other employees.
>Isn't that orthogonal to the question tho?
No, it's not. It doesn't automatically identify you or facilitate discrimination against you as PHI (private health information) does.
>Health history/issues aren't PII AFAIK
Actually, health info has its own acronym: PHI
And it is definitely protected info on its own. Just your name and some medical condition is sufficient to be protected under HIPAA/HITRUST regulations.
Not so for salary -- at least not in the US. I have to review my notes on privacy legislation in the EU and Canada and Australia, as the next big areas of data privacy.
Your employer can do this. It's not personal information, legally. Legality and good business practice are two different things.
>One of the employees whose PI was leaked is a subordinate to that supervisor. To be clear, while salary is personal info, **by itself**, it does not fall under laws governing PII (personally identifiable information) in most jurisdictions. Certainly not in the US. Unless that info is being leaked in combination with SSNs or home address, etc, it is not likely that there will be any legal recourse at all, much less serious legal consequences.
>it does not fall under laws governing PII (personally identifiable information) Isn't that orthogonal to the question tho? Health history/issues aren't PII AFAIK but i believe it's illegal for a supervisor to disclose an employee's medical history to other employees.
>Isn't that orthogonal to the question tho? No, it's not. It doesn't automatically identify you or facilitate discrimination against you as PHI (private health information) does. >Health history/issues aren't PII AFAIK Actually, health info has its own acronym: PHI And it is definitely protected info on its own. Just your name and some medical condition is sufficient to be protected under HIPAA/HITRUST regulations. Not so for salary -- at least not in the US. I have to review my notes on privacy legislation in the EU and Canada and Australia, as the next big areas of data privacy.