Is your employer doing everything possible to ensure your identity is safe?

There are times when sharing personal information cannot be avoided; financial transactions, credit agreements, employment applications, etc. Because you and the institution requesting the information are involved in a legitimate transaction, sharing the particulars of your identity seems logical and most of us do it without issue. The potential for identity theft lies, particularly in employment situations, in the unnecessary use and poor safeguarding of our personal information.

Most companies maintain employee files that include the employees’ full name, Social Security number, home address, telephone number, salary and other benefits information. It is easy to understand why Human Resource files are a gold mine for identity thieves. All it takes is a name and home address to assume an identity. When it comes to protecting employees information, there are several relatively simple security measures that can and should be done. Your personal information, whether it is in paper files or stored electronically, should be secure. But are they?

  • Personal information should be considered “classified”, requiring a well defined and clearly appropriate use and restricted access.
  • Passwords should be hard to guess and access to important systems should be logged and tracked.
  • Temporary employees and those that have not had a background check should not be permitted access to employee personnel files. Employees that do have access to employee information should have their background screened on a regular basis to alert management to questionable activity and ensure their secure background status is maintained.
  • Databases of personal information should not be stored on laptop computers. Several recognizable companies including Equifax, Hewlett- Packard, Verizon, and General Electric have had laptops containing employee personal information stolen in recent years.

Use and Posting

Identifying information should only be used when absolutely necessary.

  • Employers should only ask for/retain personal information that is imperative to the employment process and benefits.
  • Social Security numbers should not be used for employee identification or file numbers. Unfortunately, this continues to be a common practice and one that can make stealing a co-workers identity a simple process.
  • Personal information should not be posted in readily available, public locations.

Disposal

It is the responsibility of the employer to safeguard employee information even when it is no longer needed.

  • Paper containing employee personal information should be shredded prior to disposal.
  • Computer hard drives should be cleaned before reassignment.
  • CD’s and DVD’s that may have contained employee data should be sanitized prior to reuse or disposal.

Employers have beefed up their employee data security in recent years. However, we continue to hear shocking stories about employee data being found in dumpsters or on laptop computers that are being stolen from within the office environment or out in the community. While we may not be able to control the measures our employers take to secure our personal information, we can make ourselves aware of potential misuse of our identity. By consistently monitoring the use of our personal information, we can help avoid unauthorized changes and use of our information before an identity theft becomes a serious problem.