Businesses should consider the following steps to safeguard personal information belonging to its employees and customers:
-Conduct an audit of how personnel information is stored and used.
-Conduct background and criminal checks on prospective employees who will have access to personal information.
-Only hire temporary workers who have had background checks.
-Restrict access to personal information to those employees with a business need-to-know.
-Closely manage temporary workers' activities.
-Provide shredders for employees to dispose of personal, customer and fellow-employee information.
-Use numbers other than Social Security numbers to identify employees in the computer systems.
-Require health plans to use numbers other than Social Security numbers to identify plan participants.
-Train staff with access to personal information about keeping that information secure.
-Keep personal information in locked file cabinets and password protected computer files.
In addition, businesses should have appropriate system and manual file access controls in the human resources department to mitigate some of the risks posed by identity theft. More importantly, businesses must be able to quickly identify when a data security breach has occurred and notify those individuals whose information may have been disclosed or stolen. That notification will help to minimize losses for both the business and the individual employee.
December 1, 2005
Copyright 2005© LRP Publications