In the past, thieves stole a person's identity mostly by snatching a wallet, intercepting mail or digging through garbage to find identifying data. Not anymore. Now, the top source of identity fraud results from the theft or misuse of employer records, according to a recent report by credit-information provider TransUnion.
How do they do it? Often, it's an inside job by disgruntled workers or temps who gain access to employee Social Security numbers, addresses and financial records. Sometimes, identity thieves work for third-party vendors that handle corporate credit accounts or other services. Sometimes, it's as simple as a janitorial worker taking a lunch receipt from the worker's wastebasket.
Victimized workers sue employers
As you can expect, employees seek legal action when their identity is ripped off and traced back to their employers' lax records security.
But could your company be liable in a case of workplace identity theft? Yes, if the employee proves you didn't take reasonable care to protect your records.
"You have to show that the employer openly disregarded procedures that would protect the information and didn't exercise reasonable care," says Garry Mathiason, senior partner of employment law firm Littler Mendelson P.C. "Unfortunately, it's not always a situation where you can draw a bright line. But wherever that magic line is, it's going up."
Example: Say personnel files were stolen from two separate companies. In one case, the files were left out in the open. In the other, they were stored in a locked file cabinet. The former could likely be labeled employer neglect, but the latter probably would not. And because these types of claims are fairly new, the true liability scope grows.
7 ways to protect records and avoid ID-theft liability
No workplace is 100-percent safe from identity theft. But some low-tech defenses return high-level protection from the crime:
1. Lock up and limit access. Keep personnel files locked in a secure area and limit access to them. Minimize the types and amount of data you store on employees, dependents and customers.
2. Safeguard Social Security numbers (SSNs). Don't use SSNs as employee identification. Also, when possible, never print SSNs on staff badges, insurance cards, claim forms, paycheck stubs, timecards or time sheets, parking permits, training program rosters, monthly account statements or client reports. Instead of SSNs, use alternate, randomly assigned numbers as employee IDs and encrypt sensitive information when in transit.
3. Plug the holes. Password-protect access to computer files. Have workers regularly change their codes and halt access to your company data immediately after a person leaves your company.
4. Shred it. Always destroy any discarded documents that contain personal identifiers and account numbers. If your firm outsources document destruction, require the contractor to give you proof of its practices.
5. Check backgrounds. Conductand criminal checks of employees who access personnel data. Require them to sign confidentiality agreements.
6. Scrutinize third-party vendors and temp agencies. Make sure outside vendors are just as committed to protecting confidential information as you are.
7. Communicate. Regularly remind employees about security practices. Let them know what they should do
if they believe their personal identifying information is compromised.
Preventing ID theft
Like what you've read? ...Republish it and share great business tips!
Attention: Readers, Publishers, Editors, Bloggers, Media, Webmasters and more...
We believe great content should be read and passed around. After all, knowledge IS power. And good business can become great with the right information at their fingertips. If you'd like to share any of the insightful articles on BusinessManagementDaily.com, you may republish or syndicate it without charge.
The only thing we ask is that you keep the article exactly as it was written and formatted. You also need to include an attribution statement and link to the article.
" This information is proudly provided by Business Management Daily.com: http://www.businessmanagementdaily.com/581/guard-hr-records-the-no-1-source-of-identity-theft "
- Do you need a policy barring workers from forwarding e-mails to personal accounts?
- Surveillance video law: How do we comply?
- 2006 Farmingdale noose incident subject of new discrimination suit
- Include an extension clause in your noncompete agreements
- Lufkin Industries workers ratify 3-year labor contract