While many identity theft cases involve consumer data that is maintained by financial, retail, and other businesses, negligent, and dishonest co-workers at those companies are frequently guilty of providing access to sensitive records. Even businesses that do not maintain customer records have an abundance of employee data that can provide a tempting target for identity thieves. According to Judith M. Collins, author of the book Preventing Identity Theft in Your Business: How to Protect Your Business, Customers, and Employees, at least 50% of all identity theft cases can be traced back to the workplace. With identity theft in the workplace becoming a serious problem, it is imperative that employers establish anti-theft practices.
While it is important for employers to take steps to limit access to and disclosure of any personal information that could result in identity theft, some types of personal details require more protection than others – for both legal and practical reasons.
“In the workplace, social security numbers cause the most problems,” according to Beth Givens, founder/director of the Privacy Rights Clearinghouse, a non-profit consumer advocacy and information organization based in San Diego, California.
To protect this type of information, the first step employers should take is to perform background checks on any employees who will be in a position to commit identity theft: human resources, accounting staff, computer technicians, mail handlers, and managers. If your company outsources any services that involve personnel records, require your contractors to do the same for their employees.
And while background checks are important, they are not totally fail-safe measures. Many identity thieves have no prior criminal record, and some may actually be working under someone else’s identity. Consequently, employers must be vigilant to take additional steps to protect against identity theft in the workplace. One area where it is best to use extreme caution would be when assigning temporary workers. While sainthood is not a prerequisite for handling sensitive information, it’s always best to use an experienced employee who has a proven track record rather than a brand new employee who hasn’t made it past their introductory period.
Many businesses also require employees to sign policies agreeing to follow access, disclosure, and confidentiality protocols. Workers with access to sensitive information should be required to participate in training on the company’s security practices and privacy protections at the time of hire and periodically receive refresher training. A great deal of workplace identity theft is the result of sheer carelessness, so reinforcing privacy and security policies daily is especially critical. I suggest placing posters and signs in key locations to remind employees of the necessary security practices which must be followed and that supervisory staff conduct regular spot checks to ensure that workers are following required procedures.
For more information on establishing anti-theft practices and preventing identity theft in your workplace, register now to attend our next employer seminar, Tuesday, April 5th from 10A – 12P @ our Westheimer Career Office.
Lisa Bogany is a Senior Business Consultant for Workforce Solutions in the Houston metropolitan area. She has over five years of experience in workforce development, primarily working with employers, and over 10 years experience in small business entrepreneurship.