The U.S. Department of Justice defines identity theft and identity fraud as crimes in which someone “wrongfully obtains and uses another person’s personal data” for the purpose of fraud or deception, usually for economic benefit. Identity theft criminals charge purchases to another person's credit card, open new accounts, take money out of bank accounts, apply for loans or even take over another person’s identity, running up huge debts and destroying the victim’s credit. All the criminals need are your Social Security number, bank account or credit card number and other identifying data. Unfortunately, one of the best places to dig for such data is the workplace.
Employer records provide a gold mine for identity thieves -- everything a thief needs to know, including Social Security numbers, credit histories, direct deposit bank information, job applications and background reports as well as payroll and tax records. Anyone who has access to these files can commit identity theft. The thief could be a human resources department employee, a payroll staff member or even a boss with easy access to sensitive information. Thieves could be temp workers who go to work for a company just to steal employee information.
Identity theft topped the list of national consumer complaints for the 13th year in 2012, according to the U.S. Federal Trade Commission. Yet most office workers feel a false sense of security among trusted co-workers. Women carelessly leave their handbags in plain sight and men leave wallets in their jackets while away from their desks. People toss credit card receipts into the trashcan, where they could be retrieved by cleaning staff. Terminated employees might take revenge by using company credit cards to run up huge bills. Employers should train employees about identity theft and instruct them about protecting their handbags, wallets and desks.
Employers can be held liable for misuse of sensitive personnel information. It is up to employers to develop practices and policies to protect sensitive records. Hard-copy personnel and customer files should be kept in locked containers, and computerized records must be password restricted with access limited to those on a “need-to-know” basis. Immediately eliminate access to records by a terminated employee. Social Security numbers must never be used as identifiers on health plan policies or such documents as paychecks. Employers should conduct background checks on employees and job candidates who would have access to sensitive information. The federal Fair and Accurate Credit and Transaction Act requires that employers dispose of any job applicant’s credit report.
Dealing with Theft
Employers should adopt a policy about reporting identity theft and encourage employees to report such crimes. The Justice Department recommends that people who have been victims of identity theft or fraud immediately report the crime to the FTC, either online, by telephone or by mail. If your Social Security number is being used illegally, call the Social Security Administration. Notify the credit reporting companies -- Equifax, Experian and Trans Union -- and contact your banks and credit card institutions.