Handling Sensitive Employee Data

Identity theft is a growing crime in this country and the liability risk of employers is increasing along with it. The reason is all the sensitive personal information collected from employees, job applicants, customers, independent contractors, business partners, patients and others.

The Federal Trade Commission reports that every year, millions of Americans fall victim to identity theft. And according to some studies, improperly handled employee records were the greatest contributor to identity theft in the workplace.

Companies must keep personal information about employees, customers and others confidential and secure – or risk liability for negligence.

To protect your business, strive to take as many of the following 10 steps as possible:

  1. Collect only the information necessary from applicants, employees and customers. For example, do you need to have all job applicants put Social Security numbers (SSNs) on their applications? If you need the numbers for background checks, obtain them only after applicants become finalists.
  2. Use numbers other than the SSNs as employee identification numbers.
  3. Rigorously enforce the confidentiality of employees’ personal information, including their SSNs and ID numbers. This means adopting and enforcing a policy that only persons with a need to know have access to the information.
  4. Safeguard sensitive information, especially SSNs. In other words, keep documents locked up. Take all security precautions with data kept on computers. Allow only authorized persons access to records.
  5. Do background checks on all prospective employees’ backgrounds before hiring them.
  6. Destroy employee records when they’re no longer needed. Make electronically stored records unreadable. Use crosscut paper shredders on paper documents. This is not merely a good business practice. The Fair and Accurate Credit Transaction Act requires employers and others to destroy all paper documents and computer disks containing consumer information before discarding them. That means it’s a violation of the law to simply throw out documents such as employee application forms with names, SSNs and credit histories listed on them. Consumer information is defined by the Federal Trade Commission as “any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report.”
  7. Don’t post   or display employee SSNs where other people can view them. Do not put the numbers on ID badges, timecards, work schedules or lists distributed to employees. SSNs should never be used as a computer password or login. (Also, don’t publicly display other personal information, such as employees’ home addresses, phone numbers, or drivers’ license numbers.)
  8. Encourage employees to keep the personal information they bring with them to the workplace (such as Social Security cards, drivers’ licenses, and credit cards) in locked desk drawers, locked cabinets or lockers.
  9. Tell employees not to place personal mail containing checks, SSNs or financial account information in unlocked outgoing mailboxes or mail trays in the workplace.
  10. Adopt a written policy on identity theft and distribute it to employees in your employee handbook. Include in your policy a way for employee victims of identity theft to report it to management in confidence. This is important so that your company can investigate whether the crime originated in your workplace.

TESTIMONIALS

As we’ve grown, so have our administrative and payroll needs. That’s why we’ve partnered with HR&P. HR&P supports us every day with human resources, payroll, benefits and compliance so we can focus on being the best BB’s Cafe we can be!

Brooks Bassler, Owner, BB's Cafe

Since 2010, my company has grown to over five hundred employees. With our tremendous growth we needed a human resources and payroll company that could grow with us. That company is HR&P. And as laws have changed, like the Affordable Care Act, HR&P has kept us in compliance. I focus on growing Twin Eagle. I trust HR&P with the rest.

Chuck Watson, Chairman, Twin Eagle

We are the industry leader in Oil Spill Cleanup Products and have dealt with numerous Oil Spill disasters. Knowing up close what a disaster looks like we choose to avoid them in our offices. HR&P guides us through the land mines of HR, Payroll and Benefit compliance so my team can focus solely on helping our clients with their problems, and we avoid our own.

Chad Clay, Owner, CEP Sorbents

One of the best things we did for our business was to partner with HR&P. They’re the experts in human resources, payroll and benefits administration.
HR&P’s web based solutions make it easy for us to manage our employee’s needs. They also help us stay compliant with the Affordable Care Act and with “the alphabet soup” of constantly changing Governmental regulations.

Ken Dennard, CEO, Dennard—Lascar Associates

I run a restaurant, from early in the morning to late at night, our team works hard to deliver great food in a fun atmosphere.
But there’s a lot more to running a business like human resources, payroll, benefits and compliance. So we turn to HR&P.
Outsourcing to HR&P keeps us focused on our business.

Marcus Payavla, Co-Owner, Orleans Seafood Kitchen

RECENT POSTS

NEWSLETTER

To receive more HR articles and tips that keep you informed, sign up for our newsletter.

SIGN UP!

Employers Caught in Identity Theft Schemes

A pharmaceutical company in San Diego was sued by some of its former staff members after an employee stole a box of old personnel records found in a storage closet. Information from the records (including names and Social Security numbers) was used to rent apartments, set up cell phone service and open credit card accounts. The victims argued the crime would have never happened if the employer had taken proper care of their records. The ID thief was eventually convicted and the pharmaceutical company settled the case out of court.

An Alabama Hospital employee stole personal information about child patients. The names, birth dates and Social Security numbers were later used by someone else to claim false child exemptions on federal income tax returns that resulted in fraudulent refunds. The hospital employee was paid $100 for each name successfully used in the scheme, according to the Justice Department.

Temporary employees hired by an Arkansas Hospital were charged with stealing information from employee records. They allegedly took the names, birth dates and Social Security numbers of six hospital employees and used the information to set up store credit accounts.

Police say the identity theft was part of a broader operation where the thieves sought temporary jobs in order to gain access to employer personnel records.

2018-10-01T17:34:14+00:00