Okay, so you already know I sometimes watch (or maybe Tivo?) the Today Show first thing in the morning because I mentioned it in a previous blog.

Well, recently they were discussing identity theft and how our own government has made us vulnerable because they are actually publishing our personal information on their websites including military discharge information and traffic tickets which contain driver’s license number, date of birth, Social Security number, address, and more.
 
Amazingly, at the same time I heard about the Society of Human Resources Management (SHRM) looking at the Emerging Trends in Human Resources and at number eight on their list was…drum roll please…increase in identity theft.

Anyone who works in human resources in the State of California knows how regulation crazy  the State can be, and so recent legislation has gone into effect to help stem the tide on identity theft.

In fact, by January 1, 2008, all employers will be required to print no more than the last four digits of an employee’s SSN on check stubs or similar documents, or to substitute some other identifying number. What company’s will do until then makes me wonder.

But to think that SHRM has identified it as an “emerging trend” made me realize how vulnerable we really are, and how naïve we are for not seeing it coming long before now.

To bring the point home, according to a September 2006 white paper written for Business & Legal Reports (BLR), a company in Minnesota was recently sued for faxing employee names and social security information to managers in the company.

What were they thinking?

Anyway, I thought I’d share what the BLR white paper indicated companies should do in order to tighten up on identity theft so that we can all be diligent:

• Write an identity theft reporting policy and communicate about it frequently to employees through regular communication channels and during training

• Carefully screen (conduct background checks) all employees who have access to personal data

• Secure all personal data in locked cabinets or electronically, and then make certain they can only be accessed by appropriate personnel. Monitor who is attempting to access sensitive information.

DO NOT

• publicly post social security numbers

• print social security numbers on documents such as timecards, membership cards, paychecks, licenses or purchase receipts

• use social security numbers as health plan policy reference numbers

• transmit a social security number over the Internet without the use of encryption technology

• require online users to access company websites with a social security number without password protection or other authentication technology

• print a social security number on any materials that are mailed to an individual, except where required by federal or state law, such as a W-2 form

While much of this seems like common sense, sometimes a practical review can help prevent future problems.

This entry was posted on Wednesday, February 28th, 2007 at 10:40 am and is filed under Records. You can subscribe via RSS 2.0 feed to this post's comments. You can comment below, or link to this permanent URL from your own site. Your comments will appear immediately, but I reserve the right to delete innapropriate comments.