Be as careful with employees' confidential information as you are with your own. Your employees' Social Security numbers are the penultimate example of information that must be kept under lock and key. We live in an increasingly digital world, making identity theft an ever present danger. It's a nightmare scenario that requires, at the least, canceling accounts and repairing credit reports.
Common sense counsels you to protect yourself by shredding bills and other documents before you throw anything away. Social Security numbers serve as an all purpose identifier for almost every transaction in the U.S.
Even though there have been extensive limitations placed on government agencies about when and how to store these numbers, the private sector faces no such legal restrictions on the collection of Social Security numbers.
It has been estimated that 75 percent of employees steal. And employee theft increasingly includes the theft of personal information, as well as money. That makes it even more critical as small business owners take the initiative to protect employees' privacy in order to avoid costly litigation.
By protecting the confidentiality of your employees' Social Security numbers, you are in fact protecting your own business interests. Employee lawsuits can arise against your business if you fail to take reasonable steps to safeguard these numbers. The following precautions can help small companies protect employees' confidential information:
- Always keep employees informed. When you request Social Security numbers, inform employees of the exact purpose for asking, the intended use of the numbers, whether the law requires employees to provide the numbers to employers in that particular context, and the consequences of not doing so. Devise a company policy concerning Social Security numbers, and make sure employees are aware of the terms. If a security breach of employee information occurs, notify both affected and unaffected employees immediately.
- Reduce the use of SS numbers. Only display Social Security numbers on business forms or documentation when legally required to do so. If you need an internal tracking system for your employees, an employee identification number might be more appropriate. Generate individualized employee codes for identification purposes, rather than using Social Security numbers. This way, any sensitive documents containing the numbers can be kept with the confidential employee files in a secure location; ideally a locked area with restricted access.
- Restrict access. You should carefully screen employees with access to confidential employee files. Employees working with documents containing Social Security numbers should have private offices with locking doors. If this is not possible, keeping these employees secluded from everyone else will be essential in maintaining the privacy of Social Security numbers. Make sure you have a company policy in place for how to access and handle any sensitive documents, such as keeping access logs and requiring return of the files, even during short breaks and lunches. Enforce the policy on everyone, with no exceptions.
- Tighten security policies. Whenever you need to send employee Social Security numbers outside the company, make sure to send them as securely as possible. When using the postal mail system, make sure that such information cannot be viewed through the envelope window. Encrypt or password protect emails containing Social Security numbers. Make sure when relaying the numbers over the telephone that the telephone is in a private area, where such information cannot be overheard. If transferring files, shred old paper records, and permanently remove electronic records from computer systems. Hitting the delete button is not enough.
- Control damage. If a leak of information is detected, immediately take steps to remedy the problem. You can start by paying for your employees to get copies of their credit reports and assist those that are adversely affected in any way possible. A showing of good will on your part can go a long way.
A final warning to employers: check your local rules and regulations for any additional demands on how to maintain confidential employee information. Privacy and identity theft legislation is a hot button issue for the government, which is experimenting with how to craft adequate compliance measures. Stay up to date, so you can stay out of court.
This article was edited from a story by Elizabeth Gaudio, senior executive counsel at the National Federation of Independent Business Legal Foundation. The NFIB is the nation's leading small business advocacy association, with offices in Washington, D.C. and all 50 state capitals. For more information, visit www.nfib.org
Entire contents ©2017, Sumner Communications, Inc. (203)
748-2050. All rights reserved. No part of this service may be
any form without the express written permission of Sumner Communications,
Inc. except that an individual may download and/or forward articles
to a reasonable number of recipients for personal,