Employers have a duty to protect their employees from identity theft. That means making sure no unauthorized party can gain access to employees’ Social Security numbers, banking information (that might show up on direct-deposit authorizations, for example), dates of birth or any other data criminals could use to steal their money or compromise their privacy.
The federal Fair and Accurate Credit Transaction Act (FACTA) of 2003 says employers that negligently or purposely let employees’ personally identifiable data fall into the wrong hands can face fines of up to $2,500 per infraction. (FACTA applies to customer data, too.)
In addition, almost every state has its own law dealing with identity theft —and many hold employers to a higher standard than the federal law.
How to comply
Instead of attempting to interpret the crazy quilt of state laws, adopt a gold standard data-security policy that meets the most stringent requirements. Security experts suggest that employers chart the flow of personal information through their organizations and develop a protection strategy at each stage.
Here are six ways to do so:
1. Secure job applications, which contain sensitive information. Store paper applications in a locked area with limited access. Receive applications over the Internet only through encrypted web pages.
2. Require confidentiality agreements for employees who handle and process hiring or payroll information. Make it clear that employees selling, distributing or even negligently exposing personal information may be subject to criminal prosecution.
3. Run background checks on staff who handle personal information.
4. Implement a data-removal policy that limits who can take sensitive information from your premises and how they must secure it. It’s best to make sure employee data stay within your walls. But if you do allow employees to remove personal data—say on laptops—make sure to password-protect and encrypt the data.
5. Don’t cover up breaches. Inform employees right away so they can work with financial institutions to limit the damage. Law enforcement officials may ask you to stay mum while they investigate, but most states require you to notify employees as soon as the police give the go-ahead.
6. Implement a document-destruction protocol. State laws generally don’t dictate when you should destroy old documents, but some dictate how. The strictest states require you to shred paper documents before discarding them. Electronic records must be erased completely, and all duplicate records destroyed.
ID theft online resources
Like what you've read? ...Republish it and share great business tips!
Attention: Readers, Publishers, Editors, Bloggers, Media, Webmasters and more...
We believe great content should be read and passed around. After all, knowledge IS power. And good business can become great with the right information at their fingertips. If you'd like to share any of the insightful articles on BusinessManagementDaily.com, you may republish or syndicate it without charge.
The only thing we ask is that you keep the article exactly as it was written and formatted. You also need to include an attribution statement and link to the article.
" This information is proudly provided by Business Management Daily.com: http://www.businessmanagementdaily.com/10294/6-steps-hr-must-take-to-prevent-identity-theft "