Identity Theft can be found just about everywhere. It is one of the most prevalent crimes of the modern age. This is due to our technology entering the digital era of communication. Even if the crime of identity theft has not happened to you, most likely it has happened to someone that you know. For seven consecutive years (up till 2008), the number one consumer fraud complaint reported by the Federal Trade Commission (FTC) was identity theft. The related FTC data also points to one in twenty two Americans becoming victims of this type of fraud.
Examples of the repercussions connected to identity theft have included the fraudulent procuring of medical treatment, electronic items for resale and home purchases. Once the victim’s credit has been compromised, it can become sometimes impossible for them to recover, unless many years are spent trying to undo the damage. Even more seriously, suspected terrorist activities can be funded through this type of criminal activity.
For those who work in an office, identity theft can be the storage place of one’s most sensitive data. This is particularly true in the Human Resources and Payroll departments. In addition, individual corporate tracking systems, related to company benefits and other data systems, can each harbor sensitive pieces of information such as: employee Social Security numbers, bonus payout info, commission payment info, merit increase info, performance management info, network log-in and passwords and email contents.
Database extracts and various reports are performed by corporate entities such as: the IT department, Finance and Compensation departments throughout the day, pretty much every day. Not to mention all the backups that are performed and stored on a daily basis. Also to be considered are 401(k) and other pension-related accounting systems. For some, there are easily forgotten tracking devices that will record items such as birthdays, driver’s license information and pay check images. Imagine how many people within the workplace can have access to this data at any given moment.
Should any of this data become compromised, the results could be devastating to the point of being irreparable. Stolen data could be used for impersonation purposes within literally thousands of connected systems. It can also be used to fraudulently obtain the digital identifications of other victims, as well. This translates into a massive potential problem with a scale that is nearly incomprehensible. This is more than just a credit card stolen out of someone’s purse. It can be a disruption of just about everything that a person tries to achieve when it comes to items connected with a credit rating. This can range from something as simple as buying a car to very serious items such as being hired by an employer or obtaining needed medical care. Repairing the issues that arise can become an endless series of one fix after another. The stolen identity can also be used throughout the globe, where there is a data market that extends beyond the reach of U.S. law enforcement agencies. In addition the global stolen data market is amazingly agile when it comes to protecting itself from attempts at shutting it down.
Within the last few years, there have been changes within the realm of corporate identity theft penalties. These changes have significantly increased the penalties associated with corporate-related identity theft. For example, penalties have increased for those employers who have been negligent when it comes to protecting employee identity data. In such cases, both civil and federal fines may be imposed. Some states now have laws that impose even greater penalties. This has led to an overall increased diligence and awareness, on the part of corporations, when it comes to protecting employee information.
But the main problem is that protecting employee personal data is becoming increasingly more difficult. Part of this has to do with the use of outsourced services for corporate functions relating to their employees. These can include: background checks, payroll, job testing, recruiting and different benefit programs. In some cases, full-scale Human Resources outsourcing is employed. The same holds true for outsourcing IT services. Is it possible to know where every piece of a corporation’s data is located? How can a corporation take charge of securing data that it doesn’t have in its possession?
There is also the current trend of working from home by logging onto the corporate network. Remote virtual offices and virtual networks have made it far more difficult to manage data flow. Data can be downloaded from home and burned onto a CD or saved onto a USB drive and then transferred to a home PC. The complexity of the problem is increasing as the technology and business applications expand. Because of this, many have speculated that the problem is growing past the point of being able to be completely understood by most, if not all, data security teams.
In the end, the result may be a perfect storm of personal data loss and id theft with increased security problems and subsequent litigation. The workplace is at special risk because of the need to expose employee data to external sources as well as other employees. In the end, HR departments must undertake the steps to do what is necessary in order to protect employee data.