By Michael Erickson, Vice President, Human Resources and Corporate Services, Pinnacol Assurance
America’s fastest growing crime is one that victimizes people indiscriminately. It costs our nation billions of dollars each year. And it happens more in the workplace than any place else. Identity theft threatens businesses from many different angles, and the Human Resources (HR) department has become a key line of defense against this growing threat.
In addition to taking precautions to safeguard customer data, companies today must also take steps to protect the personal information of their employees. Every reasonable effort should be made to minimize the risk of ID theft in the workplace. To ensure that their employees are protected, HR should stay informed of current trends in this crime and build consistent business practices around these considerations. Following are a few suggestions:
Collecting Personal Information
- Collect and maintain only information that is reasonably necessary for business purposes.
- Make sure there is a good reason for collecting personal information from employees.
- Acquire information in a safe manner – so that it cannot be easily overheard or obtained by other parties.
Storing Information
- While more companies are acknowledging the benefits of going “paperless” with their record keeping (including Pinnacol Assurance’s HR department), security measures should be placed around any electronic systems used to store personal data.
- If paper records of personal information are kept, access to such files must be carefully secured.
- Conduct regular background checks on all employees and vendors with access to sensitive information.
- Ensure that any vendors who may have access to personal information are in compliance with all laws and regulations that apply to them.
- Laptops should be locked when not in use, and employees should be trained to follow specialized procedures for protecting data on laptops (45 percent of employee identification theft can be traced to stolen laptops).
Disclosing Information
- HR personnel should be trained in the proper procedure regarding information disclosure.
- Sensitive information should be shared on a tight need-to-know basis.
Disposing of Information
- Dispose of sensitive information that is no longer needed in a timely manner.
- Comply with the FACT Act’s Disposal Rule, which took effect in June 2005, to reasonably protect against unauthorized access to or use of personal information.
Companies must be proactive in protecting their employees’ and potential employees’ personal information. Even job applicants are at risk. The most basic job application typically requires everything that a thief would need to apply for credit, open a bank account or rent an apartment. HR must safeguard their applicants’ information just as carefully as they would their employees’.
Even when companies take the utmost precautions, problems can crop up in unexpected places. While employees look to HR to guard them from this threat, the most effective defense revolves around appropriate employee involvement. HR should train employees to be proactive in safeguarding their own (and others’) sensitive information at work. Hold employees accountable for following the company’s stated guidelines. Guide employees to be especially aware during situations of high risk (such as relocation). Encourage them to look for red flags in their own dealings with vendors. Equip employees with tips to spot possible identity theft. And provide employees with resources to help in any possible case of information theft.
As indicated earlier, identity theft happens more in the workplace than any other place. Just following some of these simple steps will help protect employees’ identities.