If your organization hasn't taken identity theft seriously, here are two good reasons to start now: Starting June 1, federal law requires you to properly dispose of-check information that you gather for employment-screening purposes. Plus, a first-of-its-kind court ruling places new legal responsibilities on you to safeguard employees' personal data, particularly Social Security numbers (SSNs).
New federal "disposal rule." Last year's Fair and Accurate Credit Transactions Act included the so-called "disposal rule," which requires your organization to properly dispose of "any record about an individual, whether in paper, electronic or other form that is a consumer report or is derived from a consumer report" that can identify that person individually.
The law doesn't mandate any specific type of "proper" disposal method, but suggests shredding paper files, erasing electronic files or some other "reasonable" means. The new rule applies to every business, regardless of size or number of employees. Fines are stiff: Employers whose employees' identities are stolen can be subject to actual damages, civil fines of up to $2,500 per employee and class-action lawsuits. To read more on the rule, see the Federal Trade Commission's site at www.ftc.gov/os/2004/11/041118disposalfrn.pdf.
Court ruling: Meanwhile, the Michigan Court of Appeals recently became the first court to allow employees who are identity-theft victims to recover damages from an employer. The case dealt with a supervisor who took employee data home. His daughter stole the data and used it to commit identity theft. Employees sued the company for negligence and won. (Bell v. Michigan Council 25 AFSCME)
That court won't be the last to act; its ruling could become a benchmark for courts around the nation. Plus, many states are adding new laws that add to your liability burden.
What must you do now? Write a stricter policy detailing how your company safeguards, stores and discards employees' identifying information.
To comply with the new federal rule, ensure that documents containing personal information are being properly shredded or erased. If you outsource the task to a third party, you also need to confirm that your vendor complies with the law.
It's also not enough to issue a policy saying documents containing SSNs must be protected. Instead, detail how to carry out the proper safeguarding and destruction of personal data.
Explain that employees with access to information containing SSNs must shred those documents when discarding them. And clearly state who has access to such documents and where and when that access should occur.
Even better: As we've advised before, avoid using SSNs on employee documents whenever possible.
Like what you've read? ...Republish it and share great business tips!
Attention: Readers, Publishers, Editors, Bloggers, Media, Webmasters and more...
We believe great content should be read and passed around. After all, knowledge IS power. And good business can become great with the right information at their fingertips. If you'd like to share any of the insightful articles on BusinessManagementDaily.com, you may republish or syndicate it without charge.
The only thing we ask is that you keep the article exactly as it was written and formatted. You also need to include an attribution statement and link to the article.
" This information is proudly provided by Business Management Daily.com: http://www.businessmanagementdaily.com/207/tighten-policy-to-foil-new-identity-theft-risks "
- Background Check Guidelines: How to comply with the Fair Credit Reporting Act and avoid lawsuits
- Employer beats EEOC in credit-history fight
- Workplace violence: Georgia law opens liability beyond workers' comp
- FCRA: How to comply with background-check rules
- New limits on use of credit reports take effect in July