|
|||
|
|
|
||||||
|
ID Thefts Prevalent at Work
With the workplace being the site of more than half of all identity thefts, HR executives must "stop thinking about data protection as solely an IT responsibility," says one expert. More education on appropriate handling and protection of information is necessary, among other efforts.
More than half (51 percent) of all identity thefts occur in the workplace, according to a recent study by Michigan State University. Organizations that carelessly process and store personnel records create perfect opportunities for "inside jobs," according to Guillaume Deyback, president and CEO of Washington-based Worldwide Assistance, a provider of identity-theft resolution services. Workplace settings have become increasingly attractive for identity theft because criminals are aware of the personal data stored there, such as birth dates, Social Security numbers, bank-account numbers and credit-card information, among others, he says. The annual cost of such identify thefts to corporations and consumers is about $50 billion, says Deyback, and innovative criminals have developed techniques that exclude almost no one from the scourge of stolen information created by the prevalence of personal data. But organizations are becoming more aware of the problem, says Troy Allen, chief fraud solutions officer at Nashville, Tenn.-based Kroll Fraud Solutions. "Just a few years ago a stolen laptop was viewed as a loss of hardware," Allen says. "Today, organizations and individuals are acutely more aware that the sensitive data a laptop contains is of different, greater value." He says HR executives must "stop thinking about data protection as solely an IT responsibility." Practitioners need to "examine and reinforce physical security practices, both brick and virtual operations." HR must also be mindful of where sensitive data is stored and who has access to it, says Mari J. Frank, an attorney and privacy consultant in Laguna Niguel, Calif., who authored Safeguard Your Identity. Frank suggests encryption of data, limited access, privacy training and employee-background checks for workers with access to co-workers' personal information. Organizations should also be cognizant of devices that contain personal data, how the data is stored, and even how it's discarded, Frank notes. Both Frank and Allen encourage a review of personnel data. Allen recommends "data minimization across the organization," saying organizations should "collect only the information you need; keep it in as few places as is possible and only for as long as is necessary; and dispose of it responsibly once it is of no use." Educating employees on appropriate handling and protection of sensitive data is also important, he says. It's essential that policies, procedures and physical safeguards are in place, understood and enforced. Some individual identity theft solutions offered by organizations as employee benefits are advantageous to employer and employee alike, Allen says. The employee receives value through access to a solution that helps him recover from the damages of fraud. And the employer is less likely to see productivity slip due to presenteeism. It's estimated that the average identity theft victim spends 600 hours or more in the course of clearing records, restoring credit and reestablishing credibility. The associated paperwork, phone calls and police reports require an inordinate amount of time. And most of the issues must be addressed during regular business hours. Taking a proactive approach with respect to the potential for identity theft makes the most sense, according to Allen. "Pre-breach preparation as a facet of business continuity planning is key to maximizing risk management," he says. He recommends that organizations seek a third-party analysis by an industry expert to "review their current posture on the risk scale." Regardless of whether identity theft occurs in the workplace or elsewhere, "As individuals grow more expectant of real help as opposed to advice, employer-paid fraud solutions are sure to be recognized as a valuable recruiting and retention tool," Allen says.
April 5, 2007 Copyright 2007© LRP Publications |
||||||
Print
Email
Write to the Editor
Reprints
|
||||
|
||||
|
||||
|
© Copyright 2010 LRP Publications. All rights reserved.
|
||||