Protecting Employees Against Identity Theft

Posted by in Workplace Management | Comments Off on Protecting Employees Against Identity Theft

Identity theft is a well-documented issue in a world that is increasingly interconnected by computer, telecommunication and other advanced technologies. A General Accounting Office report estimates that as many as 750,000 Americans are victims of identity theft every year. Just being employed makes your employees vulnerable to identity theft, since your payroll personnel and others probably regularly access employees’ personal, financial and other private information and that data is stored in your computer system and/or as documents in file cabinets. As an employer, you are responsible for implementing systems and procedures that both allow you to use sensitive employee information efficiently and carefully and protect that information from those who would use it illegally.

Employee identity theft can be thwarted when you apply various data-protection strategies.

  • Storage: At this point in history, you may be one of many businesses that probably keep employee information (active and terminated) in file cabinets as well as electronic data on company computers/servers. You want to initiate specific policies that require files to be stored in locked cabinets and limits which managers/employees control the key(s) and access. Similarly, computerized employee data should be password-protected, so only authorized personnel can log into that system.
  • Information Distribution: Your employee-data system should also include a stringent policy that employee information is never released to anyone other than the employee. The only other reason you would ever release such information is in response to a subpoena signed by a judge and presented by an officer of the court.
  • Clear the Desks: Even when payroll or other authorized personnel have accessed employee data, that information should be returned to file cabinets immediately and not left on anyone’s desk. Computer-based data should not remain on screen and authorized personnel shouldn’t remain logged into the employee information sub-system on your server while they’re at lunch, on break or not at their desks for an extended period of time.
  • Social Security Number Masking: Follow the lead of many companies, especially those doing business on the Internet, and don’t identify your employees by their complete Social Security numbers. Instead, mask the first five numbers, and only use the last four.
  • Shred and Its Dead: Add to your procedures, a policy that requires any authorized personnel who use or make copies of employee information to shred it immediately, during the day or before the end of the day. Too many identity thieves are just waiting to look through your company’s trash in the refuse bin in the alley behind your facility.
  • Government Support: Visit the Social Security Administration Web site at for more information.
Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.