Protect your company from well-intentioned ID theft laws

On June 20, Pennsylvania became the latest state to set stiff penalties for any business found guilty of mishandling sensitive employee information. That makes 45 states and the District of Columbia that have passed similar identity-protection laws over the past four years.

And, of course, the feds passed the Fair and Accurate Credit Transaction Act of 2003, which says businesses that negligently or purposely allow employees’ or customers’ personal data to fall into the wrong hands can face fines up to $2,500 per infraction.

To make matters worse, many state businesses with employees who live in different states are left to interpret the crazy quilt of state laws. While some federal legislation has been introduced to help ease the confusion, it’s unclear if or when it will be passed.

In the meantime, here’s how you can protect your business from falling prey to identity-theft sanctions:

-Accept online job applications only through encrypted Web pages.

-Store paper job applications in a locked area with limited access.

-Require employees who handle and process hiring or payroll information to sign a confidentiality agreement.

-Screen employees who handle personal information. Thorough background checks can go a long way toward protecting your business should you be cited or sued.

-Keep company laptops and equipment at your business base. If you’re going to allow them outside your walls, make sure the data is password-protected and encrypted.

-Don’t try to hide security breaches. Notify law enforcement personnel first. For an analysis of the Fair and Accurate Credit Transaction Act, visit the National Consumer Law Center at