Within many businesses, emphasis is placed on the importance of keeping sensitive company information safe. In the past, it was more about not giving away trade secrets to competitors, but now, with new technology and the constant, looming threat of data breaches, it gets even more complicated. Companies don’t want hackers to gain access to their systems and steal customer information, classified data, or even money.
Some businesses are so laser-focused on protecting their own information, though, that they’re forgetting an essential group of people that need their protection as well: employees.
According to the Society for Human Resource Management, the percentage of identity theft cases originating in the workplace is estimated to be anywhere from 30% to 50%. Your employees are trusting you with extremely personal information and have to blindly believe that you’re taking the necessary steps to keep that data safe. But are you? Or is your HR person just keeping personnel files in an unlocked cabinet, in an unlocked office, 24/7?
Handling confidential employee information with care isn’t just the right thing to do—it’s the law. If any of your employees become victims of identity theft, liability could fall squarely on your shoulders if it’s determined you acted negligently in some way. Likewise, if your company suffers a data breach, liability could be an issue for you again if employees have their identities stolen and it’s proven you could have done something reasonable to stop it.
How can you avoid legal action against your company in the event an employee has his or her identity stolen? Take the time to understand your obligations as an employer, train your staff, and create an internal employee data protection plan. Some companies are slapped with Identity theft liability or data breach liability simply because they weren’t aware of their legal duties or didn’t take the time to learn. If you don’t have an employment attorney on staff, retain the services of one to help you put your data protection plan together and train the staff.
In addition, take the time to research some federal laws that require the protection of employee information. Those laws include:
- The Health Insurance Portability and Accountability Act (HIPAA)
- The Fair Credit Reporting Act (FCRA)
- The Federal Trade Commission Act (FTC)
- The Fair and Accurate Credit Transactions Act (FACT)
Finally, as you work to change the culture of privacy within your company, you may also want to consider offering identity theft protection services to your employees. According to Willis Towers Watson, a global advisory firm, identity theft protection was offered by 35% of employers in 2015, but could double to nearly 70% by 2018. It’s often rolled into benefit packages as an attractive add-on, but it could also play a key role in shielding your company from identity theft liability in the event an employee has his or her identity stolen.
Protecting your employees protects your company. Learn more about employee identity theft protection and how IdentityForce can help.