FREE TRIAL UPGRADE!
Thank you for investing in EnvironmentalHazmatHuman ResourcesHuman Resources, Hazmat & Environmental related content. Click 'UPGRADE' to continue.
CANCEL
YOU'RE ALL SET!
Enjoy your limited-time access to the Compliance Network!
A confirmation welcome email has been sent to your email address from ComplianceNetwork@t.jjkellercompliancenetwork.com. Please check your spam/junk folder if you can't find it in your inbox.
YOU'RE ALL SET!
Thank you for your interest in EnvironmentalHazmatHuman ResourcesHuman Resources, Hazmat & Environmental related content.
WHOOPS!
You've reached your limit of free access, if you'd like more info, please contact us at 800-327-6868.
CLOSE
 
:
 
InstituteEnglishPrivacy and Data SecurityUSAHR ManagementPrivacy and Data SecurityAnalysisFocus AreaCompliance and Exceptions (Level 2)Human Resources

Preventing employee identity theft

['Privacy and Data Security']
Preventing employee identity theft
  • Under FACTA, employers run the risk of civil litigation if their actions are deemed responsible for an employee’s identity being stolen.
  • When employers take “reasonable measures” to protect workers’ personal information, the danger of company liability is lessened.

Employers — especially their human resources (HR) departments — house quite a bit of employee personal information. This is a responsibility that employers must take seriously, particularly since the workplace is the number one source of identity theft.

This considerable responsibility translates into risk for employers. They can be held civilly liable under the Fair and Accurate Credit Transactions Act (FACTA) if their actions (or lack thereof) lead to the theft of an employee’s identity. Penalties include up to $2,500 per employee as well as the cost of actual damages suffered by individuals.

Identity theft and the law

Under FACTA, employers are required to safeguard all information about employees that is derived from a “consumer report.” This report includes any information obtained from a consumer reporting agency that is expected to be used in establishing employment eligibility.

Personal information includes a variety of identifiers beyond an individual’s name, including (but not limited to) telephone numbers, physical addresses, Social Security numbers, credit card numbers or other account numbers, email addresses, and driver’s license numbers. This type of data stored on paper or any other media all falls under FACTA.

Mitigating risk

FACTA requires employers to take “reasonable measures” to safeguard employees’ personal information. What is considered reasonable will depend on many factors, including the nature and size of the company, the sensitivity of the information, and the cost and benefit of a particular method of protecting information. That being said, here are several ways that employers can limit their risk of liability under FACTA:

  • Maintain written policies and procedures. Establishing (and following) written policies and procedures for keeping data secure can limit an employer’s liability even if the employer fails to keep data secure. These policies might outline data security measures, confidentiality provisions, or processes to identify or screen individuals who will have access to employees’ personal data.
  • Offer identity theft protection. Employers are not required to pay for identity theft protection, and employees may choose to decline the protection. However, the key to mitigating risk is to offer the benefit to employees while educating them about the risks of identity theft.
  • Follow FACTA’s disposal rule. Under FACTA, employers are required to take appropriate measures to dispose of information obtained from consumer reports to prevent unauthorized use of the information. Employers may determine a reasonable means to dispose of the records, which may include burning, pulverizing, or shredding paper records and erasing or destroying electronic records.

Safeguarding employees’ personal information may be required under FACTA, but it’s also a wise business practice. As many as nine million Americans (about one in 25 adults) have their identities stolen each year, according to the Federal Trade Commission (FTC). Depending on severity, the damage done by identity theft can take days or even months to undo. Employers can bet the disruption to employees’ personal lives will roll over into work time and almost certainly affect productivity.

:
privacy-and-data-security
privacy-and-data-security
FOUNDATIONAL LEARNING
InstituteEnglishPrivacy and Data SecurityUSAHR ManagementPrivacy and Data SecurityAnalysisFocus AreaCompliance and Exceptions (Level 2)Human Resources

Preventing employee identity theft

Preventing employee identity theft

InstituteEnglishPrivacy and Data SecurityUSAHR ManagementPrivacy and Data SecurityAnalysisFocus AreaCompliance and Exceptions (Level 2)Human Resources
['Privacy and Data Security']
Preventing employee identity theft
  • Under FACTA, employers run the risk of civil litigation if their actions are deemed responsible for an employee’s identity being stolen.
  • When employers take “reasonable measures” to protect workers’ personal information, the danger of company liability is lessened.

Employers — especially their human resources (HR) departments — house quite a bit of employee personal information. This is a responsibility that employers must take seriously, particularly since the workplace is the number one source of identity theft.

This considerable responsibility translates into risk for employers. They can be held civilly liable under the Fair and Accurate Credit Transactions Act (FACTA) if their actions (or lack thereof) lead to the theft of an employee’s identity. Penalties include up to $2,500 per employee as well as the cost of actual damages suffered by individuals.

Identity theft and the law

Under FACTA, employers are required to safeguard all information about employees that is derived from a “consumer report.” This report includes any information obtained from a consumer reporting agency that is expected to be used in establishing employment eligibility.

Personal information includes a variety of identifiers beyond an individual’s name, including (but not limited to) telephone numbers, physical addresses, Social Security numbers, credit card numbers or other account numbers, email addresses, and driver’s license numbers. This type of data stored on paper or any other media all falls under FACTA.

Mitigating risk

FACTA requires employers to take “reasonable measures” to safeguard employees’ personal information. What is considered reasonable will depend on many factors, including the nature and size of the company, the sensitivity of the information, and the cost and benefit of a particular method of protecting information. That being said, here are several ways that employers can limit their risk of liability under FACTA:

  • Maintain written policies and procedures. Establishing (and following) written policies and procedures for keeping data secure can limit an employer’s liability even if the employer fails to keep data secure. These policies might outline data security measures, confidentiality provisions, or processes to identify or screen individuals who will have access to employees’ personal data.
  • Offer identity theft protection. Employers are not required to pay for identity theft protection, and employees may choose to decline the protection. However, the key to mitigating risk is to offer the benefit to employees while educating them about the risks of identity theft.
  • Follow FACTA’s disposal rule. Under FACTA, employers are required to take appropriate measures to dispose of information obtained from consumer reports to prevent unauthorized use of the information. Employers may determine a reasonable means to dispose of the records, which may include burning, pulverizing, or shredding paper records and erasing or destroying electronic records.

Safeguarding employees’ personal information may be required under FACTA, but it’s also a wise business practice. As many as nine million Americans (about one in 25 adults) have their identities stolen each year, according to the Federal Trade Commission (FTC). Depending on severity, the damage done by identity theft can take days or even months to undo. Employers can bet the disruption to employees’ personal lives will roll over into work time and almost certainly affect productivity.

2656871630
UPGRADE TO CONTINUE READING

RELATED TOPICS