 |
|
|
|
| |
When you think of identity theft, you probably think of stolen wallets or bank statements missing from your mailbox. With personal information stored in file cabinets and lying on desktops and fax machines, however, the workplace provides an even greater goldmine for identity thieves. In many companies, people also regularly leave purses, bags and wallets in unlocked office areas, making it easy for dishonest co-workers and strangers to steal check books, driver's licenses, and other personal information.
In our previous article about identity theft, we introduced the Identity Theft Resource Center (ITRC). Interestingly, ITRC Founder, Linda Foley, was a victim of workplace identity theft. In Linda's case, her boss used information on her tax return to apply for credit cards and a cell phone. The experience led Foley to found the ITRC as a resource to help victims of identity theft.
The ITRC's Director of Victim Services, Sheila Gordon, was also victimized in the workplace. A summer job led to her employee file being pilfered. Gordon did not learn of the theft until years later—when it was revealed that a Mexican woman had used her personal information to establish an identity in the U.S. |
| |
|
|
|
Social Insecurity
As awareness of identity theft grows, employees are beginning to question unsafe policies. For example, misuse of Social Security numbers is still a common practice in many companies. Any time an employer puts your Social Security number on a timecard, report, receipt, ID badge, or uses it as a computer login, you are exposed to unnecessary risk.
Several states have passed laws that prohibit the use of Social Security numbers as personal identifiers. For example in 2006, New York and several other states enacted legislation that placed limits on the use and dissemination of Social Security account numbers. The law imposes harsh penalties on companies that fail to protect the confidentiality of Social Security numbers in their possession.
If you work for an employer who still uses Social Security numbers as identifiers, consider providing only the last four digits of your number. The best strategy, however, is to request a change in company policy. An added benefit would be helping your employer avoid claims of negligence and a possible lawsuit. |
| |
Unsafe Hiring Practices
Information provided as part of the hiring process is an additional area of concern. Some employers request Social Security or driver's license numbers on job application forms, putting job seekers in the uncomfortable position of trying to please the interviewer versus protecting personal information. The best bet is to ask the interviewer if this information is absolutely necessary to provide upfront. In many cases, an employer will waive this requirement and will stipulate the applicant provide the information only if hired.
If you submit a paper application, write "Available upon request" in the Social Security number field then explain your reason on the form. Explain that due to the increasing incidence of identity theft, you prefer to provide the information directly to the interviewer or after you are hired.
If are unlucky enough to have been a victim of identity theft, share this information with a prospective employer. Because a background check can indicate potentially damaging items that occurred when the thief used your name—such as bankruptcies, traffic tickets, or other offenses—address this with your employer up front. Any police reports you filed or statements from credit issuers helping you clear your name will help an interviewer understand your situation. |
| |
Dumpster Due Diligence
The government is beginning to crack down on information obtained during hiring. For example, the Fair and Accurate Credit Transactions Act (FACTA) is a federal law that requires employers to implement procedures to destroy documents and electronic files obtained during the hiring process, such as an employee's credit report.
In addition, several state laws require paper documents containing personal data to be rendered unreadable prior to disposal. According to Sheila Gordon from the ITRC, "Many identity theft trails lead to a trash bin in the alley. If you find important employee documents in the dumpster, report it to company management immediately. These practices can bury a company in lawsuits and legal fees if a data breach occurs." |
| |
| |
 |
| |
| |
| We appreciate your interest in Trend Micro's First Line of Defense newsletter. If you would like to receive Trend Micro product announcements and special offers, please opt-in to our mailing list. |
|
| |
| |
|
|
|
