This is the scariest thing we’ve read in a long time—the Department of Justice just reported that an Alabama man has been sentenced to 24 months in federal prison for stolen identity refund fraud, or SIRF. The guy, who worked at a company’s warehouse, sold employees’ Social Security numbers that he found while rummaging through boxes containing old W-4 forms.
Kinda makes you wonder about the security of the files at that place you worked when you first got out of school, doesn’t it?
What to do about all that paper
departments do what they’re supposed to do—hang onto employees’ W-4s and Copy D of employees’ W-2s for extraordinarily long periods of time. For W-4s that may be indefinitely, since they remain effective until employees refile with you.
It’s not just W-4s and W-2s: Direct deposit enrollment forms, health benefit applications, child support garnishment orders and forms on which employees note their beneficiaries for 401(k) accounts also contain sensitive information any SIRFer would need to steal an identity.
How you store these documents is up to you. But it’s apparent now that these documents probably shouldn’t be stored on paper. Here are some do’s and don’ts to consider:
- Do have one of your trusted staff members scan the documents into the computer system.
- Don’t hire a temp to do this, because … well … you shouldn’t trust a temp with sensitive data.
- Don’t scan documents into a computer that’s connected to the internet.
- Do limit access to this computer and install and update firewalls and anti-virus software, if you can’t take it completely offline.
- Do password-protect the files.
- Do consider how you'll organize and sort the documents once they're scanned. You have three choices: by subject matter (e.g., all W-4s together), by employee or chronologically. Whatever system you use, be sure to apply it consistently over the ensuing years.