Identity Theft: Protecting Your Employees’ Identities is Good Business

by Thomas R. Kaiser Sr.


According to the Federal Trade Commission (FTC), the number one complaint consumers made in 2010 was related to identity theft[1]. There were over 250,000 complaints filed with the FTC regarding identity theft, which represented 19% of all complaints filed. Despite continued media coverage a general misconception persists that identity theft only happens to “someone else.” As a small business owner, what if that “someone else” is your own employee? And what if that theft occurred on your business premises?

Beyond the employee’s own personal lives, workplace thefts do account for a significant portion of identity theft cases each year[2]. Employers need to be conscious of these risks, and though they cannot completely protect their employees, they can (and should) take some reasonable steps to help reduce the exposure of their employee’s personally identifiable information (PII). Here are some simple steps an employer can take to minimize the risk of employee identity theft:

  • Restrict personnel records (SSN, bank account, etc., etc.) to authorized HR personnel
  • Ensure all authorized individuals have their own login ID and password to access databases. There should be no shared access or passwords.
  • Encourage employees to lock-up personal belongings during normal working hours and if possible provide a storage locker with individual locks
  • Do not allow visitors onto the sales or office floors or in other work areas without an employee escort who should remain with the visitor at all times
  • Mandate that all employees lock their computer when away from their desks
  • Prohibit personal mail delivery to the business
  • Develop and enforce disciplinary actions for security violations involving both customer and employee PII

Employers should incorporate as many of these measures as possible. At minimum businesses should implement the following two security measures:

  1. As an employer there is no need to use the employees SSN as an identifier on personnel records. By eliminating the SSN from personnel record employee’s risks are reduced significantly. Additionally, most states have laws that prohibit the use of the SSN as an employee identification number, and,
  2. Businesses should implement risk management training and education to its employees. New hires should be trained in the company’s information security policies and current employees should reaffirm their understanding of these policies annually.

Thomas R Kaiser Sr. is a Certified Identity Theft Risk Management Specialist in the financial services industry in mortgage banking, identity theft, check fraud and insurance.

[1] FTC Releases List of Top Consumer Complaints in 2010; Identity Theft Tops the List Again (March 8, 2011)

[2] Identity Theft Resource Center (ITRC) – In the Workplace Frequently Asked Questions (April 30, 2007)