What can employers do to help protect their employees from becoming victims of identity theft?
Because other employees are often the source of an information breach, the first line of defense is to conduct thorough background checks on job applicants. In addition to hiring candidates with integrity, employers can also put processes in place to control the flow of personal information. From the employment application to an employee’s departure documents, HR records should be closely guarded.
The following are important tips for acquiring, storing and destroying this information.
When acquiring personal information from an application, recruitment board, background screening company or applicant tracking system, the most important consideration is to protect your passwords. Keep in mind these simple guidelines:
- If using a secure Internet site or some type of software system, make sure your usernames and passwords are embedded or “hidden.”
- Restrict access to usernames and passwords to only a few key personnel, and assign a unique password to each user.
- Do not discuss usernames or passwords by telephone with any unknown caller, even if he or she claims to be from a familiar company or vendor.
- If you are working with hard copy information, designate a fax machine for sending and receiving personal information, and place the machine in a secure location rather than in a generally populated area of the office.
Restricting access is the most important consideration when storing employee information. Following are three simple steps employers can take to securely store data:
- Place any computers or servers that contain employee records in a secure location within the office. Physical access to these devices should be difficult for unauthorized personnel.
- Electronic files should be password protected and restricted to key staff members only.
- All hard copy information should be stored in a secure area within locked file cabinets. These cabinets should always be locked when not in use and after normal business hours.
Destruction of Information
Reasonable measures for the destruction of employee information could include, but are not limited to:
- Burning, pulverizing or shredding documents and destroying or erasing electronic files or media containing consumer report information so that the information cannot be read or reconstructed.
- Conducting due diligence when hiring a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule.
By properly acquiring, storing and destroying sensitive data, businesses can make significant strides in preventing identity theft in the workplace.