Identity theft is a growing crime in this country and the liability risk of employers is increasing along with it. The reason is all the sensitive personal information collected from employees, job applicants, customers, independent contractors, business partners, patients and others.
The Federal Trade Commission reports that every year, millions of Americans fall victim to identity theft. And according to some studies, improperly handled employee records were the greatest contributor to identity theft in the workplace. Companies must keep personal information about employees, customers and others confidential and secure – or risk liability for negligence.
To protect your business, strive to take as many of the following 10 steps as possible:
1. Collect only the information necessary from applicants, employees and customers. For example, do you need to have all job applicants put Social Security numbers (SSNs) on their applications? If you need the numbers for background checks, obtain them only after applicants become finalists.
2. Use numbers other than the SSNs as employee identification numbers.
3. Rigorously enforce the confidentiality of employees’ personal information, including their SSNs and ID numbers. This means adopting and enforcing a policy that only persons with a need to know have access to the information.
4. Safeguard sensitive information, especially SSNs. In other words, keep documents locked up. Take all security precautions with data kept on computers. Allow only authorized persons access to records.
5. Do background checks on all prospective employees’ backgrounds before hiring them.
6. Destroy employee records when they’re no longer needed. Make electronically stored records unreadable. Use crosscut paper shredders on paper documents. This is not merely a good business practice. The Fair and Accurate Credit Transaction Act requires employers and others to destroy all paper documents and computer disks containing consumer information before discarding them. That means it’s a violation of the law to simply throw out documents such as employee application forms with names, SSNs and credit histories listed on them. Consumer information is defined by the Federal Trade Commission as “any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report.”
7. Don’t post or display employee SSNs where other people can view them. Do not put the numbers on ID badges, timecards, work schedules or lists distributed to employees. SSNs should never be used as a computer password or login. (Also, don’t publicly display other personal information, such as employees’ home addresses, phone numbers, or drivers’ license numbers.)
8. Encourage employees to keep the personal information they bring with them to the workplace (such as Social Security cards, drivers’ licenses, and credit cards) in locked desk drawers, locked cabinets or lockers.
9. Tell employees not to place personal mail containing checks, SSNs or financial account information in unlocked outgoing mailboxes or mail trays in the workplace.
10. Adopt a written policy on identity theft and distribute it to employees in your employee handbook. Include in your policy a way for employee victims of identity theft to report it to management in confidence. This is important so that your company can investigate whether the crime originated in your workplace.