All too often, the news is full of stories about identity theft leaving innocent victims with wiped out bank accounts and damaged credit. Proving that identity theft has occurred is tedious, and it can take years to clean up the mess.
The crime of identity theft is not something that organizations often think about as a high-risk liability. However, organizations should take it seriously, as it is something that can affect both their bottom line and their employee’s personal lives.
Measures should be put in place to make sure the personal information of employees is protected. But where do you start? Implementing an identity theft prevention plan sounds daunting, but it doesn’t have to be.
The first step any organization should take is to evaluate the workplace. Look for any areas where information is vulnerable, such as unlocked cabinets that contain employee files, computers without pass codes in place, or employee ID badges that might have personal information on them such as social security numbers. It’s important to document what you find.
Your next step is to develop a plan to correct any of the vulnerabilities you found. Your focus should be on document and information security, access controls and disposal. Be as specific as possible. Remember, we aren’t just talking about the file cabinet full of personnel files. There is plenty of sensitive information hanging out on computers as well.
Once your organization has developed a plan, the next step is implementation. At this point, you should release a policy and guidelines with the details of the plan, train employees who handle sensitive information on the new procedures and engage a disciplinary plan for employees who violate the plan.
Ultimately, the goal of a personal information protection plan is to be proactive. As an organization, you have to take action before you’re faced with a security breach. If you start this process once a breach has occurred, the damage may be difficult to remedy.
Brittany Cullison, HR Advisor, G&A Partners