News & Resources

Employer exposed worker identities

Mar 28, 2011 Matt Roesly

Employer exposed worker identities
A company in Wichita, Kansas, exposed employees' identities when it dumped thousands of documents containing Social Security numbers, addresses and other personal information in an unsecured dumpster, KWCH reports.
 Lone Star Business Solutions, the payroll and human resource company for Lone Star restaurants, had filled several dumpsters with old W-4 forms, employee applications and other files without shredding them. The company that hauled the dumpsters said it had taken at least three to a recycling plant but had not been aware personal documents were inside, the station reports. Lone Star will not have broken any laws unless someone uses the information to steal an employee's identity, the station said. Employers can protect themselves and their employees from identity theft by conducting regular audits on how personnel information is stored, writes Kara Spooner for PrviacyCG.com. As the case in Wichita revealed, highly sensitive information is collected on job applications, personnel files and in the paperwork, and must be kept secure from data hackers and unscrupulous employees. One of the common practices for fraudsters is to get temporary employment in order to gain access to employee data files. Pre-employment screening and criminal background checks can help employers keep these types of workers out of the company. A disgruntled employee can also be a perpetrator of fraud, so businesses should take steps to encrypt sensitive information and only grant access on a need-to-know basis, Spooner says. In addition, employers should use numbers other than Social Security numbers to identify employees in their databases, and should require health plans to do the same. A company can protect consumers and employees by tracking privacy just as it would costs, revenues and strategic planning, according to a privacy report from the Federal Trade Commission. "Although privacy often has been said to mean 'the right to be let alone,' the application of this concept in modern times is by no means straightforward," the report says. Companies should adopt a privacy-by-design approach by collecting only the data needed for a specific business purpose and keeping it only as long as necessary. Once a customer or employee file is no longer needed, companies should appropriately dispose of the documents by shredding them. Managers should also take a top-down approach by training their employees to handle all sensitive information - a customer's or their own - with care, appointing personnel to oversee privacy issues and conduct privacy reviews on new products and services, the report says.