SAVE   |   EMAIL   |   PRINT   |   RSS  
Identity exposed
5 Tips: What you can do to keep your employee information confidential.
May 4, 2005: 1:24 PM EDT
By Gerri Willis, CNN/Money contributing columnist
Video More video
CNN's Gerri Willis shares tips on what you need to know to protect your identity at work.
premium content Play video

NEW YORK (CNN/Money) - We've reported to you about security breaches at ChoicePoint, Boston College, and LexisNexis. Now, the latest case of missing personal data turns out to be closer to home.

Time Warner, parent company of CNN/Money and CNN, announced Monday that 40 computer backup tapes containing the names and social security numbers of more than 600,000 current and former employees -- plus their dependents -- were lost.

So now we're at risk of having that information fall into the hands of an identity thief. The good news? We're learning from the experience -- and so are you.

Here are five tips on what you need to know about your employer and your personal information.

1. Employers hold the key.

Your social security number is the key to your credit. With that nine-digit number and your name, an identity thief can get access to your credit history, open credit cards in your name, even take out a mortgage posing as you.

You might guard your social security card with your life. But no matter how hard you try, you can't keep it from your employer. Federal law requires them to have your social security number for tax purposes, but it doesn't require them to keep it safe.

"A cola company might safeguard its secret cola recipe with all its might, and it will do nothing to keep its own employees' identities safe," says Daniel Solove, a professor at George Washington University.

2. Snoop around.

No kidding: your name and social security number could be on a checklist about the company picnic taped to the wall in the HR office. Maybe your HR department is a little more discreet. But do you know where your information is?

Take a cruise through the office. Do the timesheets in the open employee mailroom have names and social security numbers already printed on them? Are the file cabinets containing employee profiles unlocked? Does your ID card or health card have your SSN plastered on it?

Believe it or not, this still happens. Even a human resources office where desks remain covered in paperwork overnight or personal computers are left on and unsupervised may signal a problems.

These are all red flags that your employer may not take protecting your personal information very seriously, says James Fishman, partner at Fishman & Neil Law Offices in New York.

3. Have a fit.

If your employer is guilty of being too casual with your personal information, go ahead, tell them they're wrong. Go tell your HR department you're concerned about the security of employee data.

Remind them that since February, more than 4 million consumers have been warned their personal information is at risk due to security breaches, according to the Privacy Clearinghouse.

Aside from keeping personal information files under lock and key, companies also need to lock up data in computer files.

"Most companies are keeping all employee files online now," says Solove.

Find out if your company has all employees' personal information in its computer database encrypted, which means that without a key, the data is scrambled, locked, and difficult to retrieve.

Backup computer tapes should also be encrypted so "even if a hacker can get in there, that data is not accessible," says Solove.

4. Watch your back.

It's up to you to do what you can to protect yourself. The unfortunate thing is that most people don't.

For example, LexisNexis offered the 300,000 individuals affected by a security breach at that company a credit monitoring service for one year. Only two percent of victims have signed up for it, according to Beth Givens, director of the Privacy Rights Clearinghouse.

Victims should be sure to call the credit bureaus and place fraud alerts on their records. Alert your banks and credit cards. Order your credit reports and comb through them.

If you've been warned your information was compromised in a security breach, be sure to take any fraud protection you're offered.

5. Keep an eagle eye.

"[The security breach at Time Warner] is just another example of why we all need to keep watching our credit reports," says Givens.

Fact is that companies are reporting these security breaches, but other incidents in the past or present may have exposed individuals, and they may have never known it.

Worse, your employer is not the only one out there with access to your personal information. Your doctor, dentist, and utility provider might have your social security number because, well, they asked for it.

Don't be afraid to tell them "no" next time unless it's necessary. And when you give it up, ask them how seriously they take your security.

According to Fishman, "These security breaches are an epidemic."

You can never be too safe. Check your reports at least twice a year, recommends Givens. Every American will be eligible by September to get a free annual credit report from each of the three major credit bureaus: Experian, TransUnion, and Equifax. Check out or call 1-877-322-8228.

To learn more about specific steps you should take if your employer tells you that your personnel information may have been compromised, click here.

Gerri Willis is a personal finance editor for CNN Business News and the host for Open House. E-mail comments to  Top of page


Identity Theft
Personal Finance
Computer Security
Gerri Willis
Manage alerts | What is this?