Is Your Business Liable for Employee Identity Theft?
This author is often surprised by the blasÃ?© attitude many employers take with employee information and the information of individuals applying for jobs. I have routinely witnessed applications simply being tossed into the trash or left out in a public area for anyone who wishes to take a look. When I query them about why they threw the application in the trash or left it out in the open, they often look at me with a quizzical and confused expression. I sometimes get responses like, “we don’t need it any more,” or “it’s just an application.” I try not to raise my eyebrows-but it is hard not to react.
Let’s take a look at just how important that employment application is. The application contains enough personal information for an identity thief to get up and running on the Internet with another individual’s identity in a matter of minutes-social security number, home address, previous and/or present employer. Wow! It’s a goldmine. Applications should not simply be thrown away; they should be shredded!
Where do you keep new and existing employee applications? Is access limited to authorized employees? Are they locked up-along with the personnel files? A personnel file is chuck full of protected information. Who in your company has access? Information from personnel files can reveal knowledge to other employees that can be used against a coworker or can allow one employee to harass another. Do you have printed lists of employees’ names that include sensitive information such as social security number, home address, phone number, spouse’s name, emergency contact information? Are these lists just lying around or are they protected? Access to sensitive personnel and personal information should be regulated.
Did you know that it is not uncommon for an identity theft ring to make contact with a company employee who has access to records and offer them as much as $200.00 for every valid social security number they provide. How many employees do you have? How much money would this mean to a cash hungry employee? They would only have to acquire five number to make a $1,000. Do they make that much in a week? How much would it cost you, if this individual was exposed and your company was held liable for failure to protect the information?
Do you create holiday lists and distribute them to allow employees to send holiday cards to each other. Nice thought that could become an awful nightmare.
Scenario:
You are unaware that John Green in Sales has been attempting to date Grace Reed in Customer Service and she has repeatedly told him she isn’t interested. The holiday list arrives and John Green thinks he has another shot because he now has Grace Reed’s home address. Maybe she’ll be interested if he approaches her outside of work. This could get ugly.
While stalking has criminal penalties, much damage can occur before the situation is resolved. Additionally, you and your business may be sued for failing to protect personal information or promoting a hostile work environment. Even if a suit against you and your company is dismissed, much damage to you and your company’s reputation can be done in the press. The suit will hit page one. The dismissal will be buried on page 12.
Here’s a good rule of thumb that will help you decide how to treat employee information. Simply ask yourself this question: “Would I want someone who I was afraid of or who was dishonest to have this information about me?” If your answer no, protect the information as if it were your own.
Think you aren’t at risk? Think you aren’t liable? Effective June 1, 2005 the Fair and Accurate Credit Transactions Act (FACTA) made employers financially liable for information that is stolen by identity thieves.
When in doubt, shred!
Related Articles On Associated Content
Preventing Identity Theftby Bill Johnson
Slip and Fall Accidents in the Workplace by Laura Rice
Business Violence Risk Prediction by Morgan Summerfield
