Your Workplace - a monthly newsletter about workplace trends - Newsletter XXIII Past IssuesGo to www.westaff.com
Westaff
Identity Theft: The Office as the First Line of Defense
 

Preventing Identity Theft

Here are some tips:

  • Avoid using Social Security numbers as employee identification numbers for any records, whether it's insurance identification cards or application records. Assign employees individual numbers that don't relate to their personal information and use photographs on badges in large workplaces to prevent identity fraud.

  • When your business needs such personal records, be prepared to explain to employees exactly why that information is required by the company, how it will be used, stored and eventually disposed of.

  • Keep employee records in secure and locked locations — not in a general filing cabinet in the HR department. Limit access to them by other employees.

  • Maintain password protection on all computer workstations, as well as voicemail and other electronic information sources.

  • Encourage employees to lock their personal materials such as purses and wallets in a drawer or locker instead of leaving them around their work stations.

  • Shred all personnel documents that are no longer needed. If there is a great deal of customer contact in the workplace, consider regularly shredding customer records such a credit card slips that you need to dispose of.

  • Put policies in place that prevent employees from leaving work records that might contain personal employee information or customer identifying information on their desks.

  • Do thorough background reviews of new employees. Conduct detailed background checks and call references. Make sure any temporary or contract employees, even the maintenance crew, are also thoroughly screened.

Sources:
http://www.idtheftcenter.org/
http://www.consumer.gov/idtheft/

 

 

 

 

 

 

 

 

 

 

 

 

 


A New York state employee stole about $100,000 worth of goods and services last year, using her position as a clerk with the state's insurance department to access the personal information of state employees and other citizens who dealt with her office. She used the information to open new charge accounts, and then charged away.

The clerk was quickly arrested, preventing a loss that could have been even more substantial, according to the New York Attorney General's office. Given the time, the clerk could have accessed thousands of personal identifying information from the state's computers.

The incident was a wake-up call to all employers, both public and private, who need to be ever more vigilant about who should be allowed access to personal employee and customer information.

In fact, there's been an alarming, dramatic growth in reported identity thefts. Calls to the Federal Trade Commission's (FTC) clearinghouse complaining about identity theft, for example, has grown five-fold to as many as 3,000 reports per week, according to a Government Accounting Office report. The theft of business records, such as payroll or employment records, is becoming one of identity thieves' most popular sources for information.

One solution? Businesses need to use every method at their disposal to reduce access to employee information.

"The business community really must become the first line of defense," said Linda Foley, executive director of the Identity Theft Resource Center in San Diego, California, a national nonprofit organization dedicated to combating identity theft and providing information and prevention training to businesses and individuals. (www.idtheftcenter.org). "It's how businesses acquire, distribute and store personal information, and how they use it, sell it and dispose of it that puts us all at risk," Foley said.

Foley notes with particular ire that it's unfair for businesses to put consumers at risk by failing to take obvious steps to protect them.

The two main ways to prevent identity theft in the workplace are to stop using employees' Social Security numbers on all personnel and payroll records and to destroy thoroughly any records containing sensitive personal information — not just store it in a box or throw it in the trash.

In some states, laws are changing to require these measures. California, for example, has passed a law that prohibits printing or using employee or customer Social Security numbers on documents where they may be seen by others such as on identification cards or badges or other employee materials. For example (with some exceptions for health care or insurance companies), individuals and non-government entities may not:

  • publicly display or post SSNs
  • require people to transmit an SSNs over the Internet unless the connection is secure or the number is encrypted
  • require people to log onto a Web site using an SSN without a password
  • print SSNs on anything mailed to a customer unless required by law or the document is a form or application.

Georgia has passed similar laws, and federal legislation has also been proposed.

"In the past, a Social Security number often was used unnecessarily as a cross reference on a variety of documents, even when a name would have provided sufficient identification," said Gail Jern, Westaff's Human Resources representative. "The fewer places that social security numbers are recorded, the less apt they are to be seen by others and/or confiscated for illegal purposes."

Personal information stored on computer is also at risk. In one of the biggest thefts of personal records so far, the University of Texas at Austin had the Social Security numbers and other personal records of 55,000 student, faculty and staff captured by computer hackers last month, according to the university.

Although the breech was quickly discovered, it may not be known for several months whether that information was disseminated to identity thieves. "The hackers could have sold it within 20 minutes," said Foley.

But the people who may have bought the information "may sit on it and not use it for six more months," she said.

Access and honesty are both critical factors in preventing identity theft, and companies need to take steps to address both issues.

Jern noted that companies should designate only a very limited number of people with the authority to access employees' personal information. "Hiring honest and ethical employees, and keeping them motivated and feeling appreciated can make a significant difference in terms of their loyalty," she said. "This also underscores the importance of a company having good hiring practices and taking the time to do thorough reference checks."

Foley believes the business community's handling of sensitive personal information is going to change either voluntarily or because of new government policies and laws that provide more protections for personal information.

In any case, she said, it's in businesses' own interests to prevent the theft of their employees' or customers' identities.

"We don't come in to rap businesses' knuckles," said Foley of her organization's approach to helping companies prevent identity theft. "We just explain to them what aspects of their record-keeping should be looked at and offer them ideas about how to improve them. But we also point out that it would be more cost effective to fix any (record keeping) problem up front, rather than have to fix it after a class action lawsuit is filed by victims whose information was stolen," she said.

Another thing her organization doesn't do is pry into companies' actual employee records — that would amount to another breech in the system. "Their records are none of our business as long as they fix the problems," she said.

 
 

Ask Ms. Carmen Courtesy - Your Office Etiquette Expert

Dear Ms. Courtesy,

How do I deal with a co-worker who dominates all conversations? She never allows others to contribute to a conversation. When someone does try to break in, she abruptly and sternly says, "Excuse me," then continues talking!

— Stifled

Dear Stifled:

It's a common problem in society — everyone knows someone who's so enamored of their own voice that they don't want anyone else to get a word in edgewise. But in the give and take of a successful workplace environment, someone needs to crack the whip on this conversation dominatrix — not just for the sake of polite water-cooler conversation, but to make sure everyone has a voice in business solutions.

Communications and Image Consultant Jill Bremer in Oak Park, Ill. (www.bremercommunications.com) had this advice to offer: "This person clearly does not know the rules of conversation, which is that eye contact should control conversation. When someone wants to speak, they make eye contact with the speaker who grants them eye contact permission," explains Bremer. "And they, in turn, pass the conversation on to the person who makes eye contact with them."

Bremer recommends setting this person straight. "She can only dominate it as long as you let her. You must be firm. Say something like, 'Donna, we've been listening to you for quite a while. Some of the rest of us have something to say. It's time to listen to me.' Then begin talking. If she interrupts, you say, 'Excuse me,' without giving her eye contact and continue talking."

If this conversation dominatrix continues talking over you, there's another solution. You can't continue conversing with an unreasonable person. So, try speaking up for yourself and if that doesn't work, walk away.

Electronically Yours,

Ms. Carmen Courtesy

Ms. Courtesy will read over all your inquiries, select questions that will be of general interest, and do her best to answer them in a timely manner (keeping in mind that her column runs monthly). She is looking forward to hearing from you.

Ask Carmen Your Question!

 

 

Call Westaff - we can fulfill your quality staffing needs.
1-877-WESTAFF.

 
Past Issues
Go to westaff.com
Westaff ©2003 Your Workp.lace. All Rights Reserved.