Identity Theft Threatens You and Your Company, Not Just Your Employees

And now the Government may want you — the business owner — to pay for it.

A Michigan State University survey found that 51% of the ID theft occurs at work. The ID that’s stolen at work is a bigger potential problem than the millions of IDs stolen from the Internet.

Why? Because when it happens at work it was stolen on purpose. It will be used, undoubtedly for bad purposes.

2003 legislation (FACTA — Fair & Accurate Credit Transactions Act) says if the loss occurred because of anything you did or didn’t do, you're is liable for all of the employee’s costs... an average of almost $93,000 per incident.

What can you do? You're undoubtedly asking that question both as an employer and as a person who might personally be a victim.

For you, the employer, here are several steps that will limit your liability. Nothing will keep you totally risk-free, but this will help against fines and penalties.

Luckily there are some actions you can take to create an “affirmative defense” to help limit your liability. First, implement the actions required under an-other privacy-protection law, the Graham, Leach, Bliley law. It requires three steps:

1. Appoint an Information Security officer.
2. Adopt a written privacy plan.
3. Train employees who handle NPI (“non-public information”) about appropriate privacy-safeguarding techniques.

We provide our clients -- at no cost to them -- with prototype documents for their counsel to review and we also run the training for them. We'll gladly do the same for you. Free.

Next we help you implement the suggestions outlined by Business and Legal Reports magazine and the FTC.

Specifically, we help you offer a benefit plan (you needn’t help pay for this) that lets employees purchase ID Theft protection products via payroll withholding.

We also run the required mandatory ID Theft education meetings -- just like the meetings you hold to discuss health insurance or other group changes. At these meetings we teach your employees about the risk of ID Theft and how to minimize and monitor it.

Those aren’t the only steps you should take. While you’re at it, why not look for gaps in your privacy shield? Reducing the chance of a theft occurring is a wise decision in any event.

But the above steps help you in two ways. First, if an employee’s identity is stolen, the protection product he purchased will keep his loss — and your liability — at a minimum.

Second, you can show that you’ve acted in good faith because you · adopted a privacy policy, · appointed a security officer, · trained the employees handling NPI · educated your employees, and · provided the ability to purchase protection.

What more could you have done? It’s certainly not your fault the employee chose not to protect himself.

Third, if several employees have their IDs stolen in a short period of time, it’s probably a red flag that there’s something funny going on somewhere in the company. It gives you warning to take internal action.