Protect Yourself and Your Employees From Identity Theft

By Rachel Kuntz, MMGT

Most employers work hard to protect their organizations from potential hazards. Most employers try to instill safe working habits in their employees, prepare for natural disasters, or provide wellness programs. Unfortunately, many employees are unaware of the potential for identity theft in the workplace.

The media often reminds us to take steps to protect identities when processing credit applications, using the telephone, and using the Internet. So, many people are aware that identity theft has become a growing concern. For employers, identify theft requires attention because the employer may be held negligent by a court of law for thefts of identity in the workplace. However, most employers have little idea of how to handle this growing crisis in the workplace.

Until recently, theft of identity was not even considered a crime. In 1998, the US passed the Federal Identity Theft and Assumption Deterrence Act of 1998. This legislation made it a felony to assume another person’s identity. Despite that change, the US Federal Trade Commission reports that identity theft was the number one consumer fraud complaint in 2001.

Identity theft is not limited to the US alone. In the year 2001, identity theft was the third most-often reported consumer business complaint according to the Canadian Council of Better Business Bureaus.

How does identity theft occur in the workplace? It can happen in a variety of ways, including:

  1. Small businesses many times have employees make purchases using personal credit cards or personal checks then reimburse the employee when he or she submits a receipt. Often times, the receipts contain personal information that can be used fraudulently by individuals with access to the receipts.
  2. Most businesses keep some form of personnel files, and the accounting department generally has access to employee data for payroll purposes. Information in these files contain a great deal of personal information such as home addresses, telephone numbers, social security numbers, birth dates, and even banking information (especially with the growth of direct deposit for payroll). The information usually kept in these files is exactly what is needed to steal the identity of unsuspecting individuals. A recent publication stated that nearly 90 percent of the identity theft that occurs in the workplace happens when information is accessed though personnel files.
  3. Many times, small to mid-sized businesses don’t keep personal data secure within a regular locked filing system. Consequently, unauthorized persons may access personal information, which could be devastating.
  4. Sometimes, identity theft occurs from within third parties such as payroll services. Smaller businesses often choose to outsource their payroll services. Therefore, it is important that businesses choose payroll firms that are committed to protecting the privacy of clients.

Steps to Take  How can employers protect the workplace and employees from the growing concerns of identity theft? Employers can take a series of steps to try to improve security measures, which may include some of the following:

  1. Consider carefully screening employees who will be able to access employee-sensitive materials. Employers may consider doing background checks for those positions. Remember to make sure these measures conform to the law in order to prevent potential legal problems.
  2. Limit access to employment and personal information. Only retain information that is necessary to employment. Keep all personnel files, payroll information, etc. in locked files. If personnel files are electronic, they should be well-protected electronically.
  3. Personal information requested from third parties should be denied.
  4. Limit or even eliminate the use of social security numbers as a means of reference for employees. Instead, use employee numbers on payroll checks and other employee documents instead of social security numbers.
  5. Shred all personnel and informative business documents. When businesses clean out old files and do not properly dispose of documents, it makes it easy for someone to access information from the garbage can.

Train employees about identity theft. Teach employees to properly handle and dispose of important information. Training could include the following measures: securing files, securing personal wallets/purses, use of lockers for personal items, and notifying employees in case of a identify theft.

Rachel Kuntz is a senior executive consultant with Brynmor Associates, LLC. She offers human resource consulting services to organizations throughout the United States, Canada, and the United Kingdom. This article is intended for informational purposes only and is not intended to give legal or other professional advice. You should always consult competent legal consul regarding your unique situation.

Identity Protection Checklist

1. Does your company shred all materials that contains sensitive information?

□ Yes  □ No  □ Unsure

2. Does your company carefully screen individuals who will be using sensitive information?

□ Yes  □ No  □ Unsure

3. Does your company minimize temporary employees having and using sensitive information?

□ Yes  □ No  □ Unsure

4. Does your company try to minimize the use of social security numbers to distinguish employees?

□ Yes  □ No  □ Unsure

5. Does your company avoid using social security numbers and full addresses on payroll documents?

□ Yes  □ No  □ Unsure

6. Does your company have policies regarding the limitation of information relayed to third parties?

□ Yes  □ No  □ Unsure

7. Does your company secure employee information and other important documents?

□ Yes  □ No  □ Unsure

8. Does your company promote security awareness by providing guidelines for safeguarding sensitive information?

□ Yes  □ No  □ Unsure

[From Connection MagazineSeptember 2003]