Identity Theft for HR Professionals
This afternoon, I delivered a presentation (pdf warning) to the York Society of Human Resources Managers on the subject of identity theft. Now, everyone understands identity theft from the perspective of a consumer, i.e., the poor sap whose identity is stolen, but identity theft from the perspective of an HR professional is, as I found out, a rather different kettle of fish.
.jpg)
The presentation discusses two recent Pennsylvania laws that bear on identity theft as well as the federal "shredder law," all of which place obligations on businesses that maintain confidential/personal information, whether for customers or employees. In addition, the presentation considers a relatively recent negligence case (pdf warning) out of Michigan as a cautionary tale for Pennsylvania businesses that don't take sufficient precautions to guard employees' confidential/personal information. Although the law elucidated in the Michigan case is not yet the law of Pennsylvania, I suspect it may be if and when such a case percolates through the courts. The very bottom line? Businesses should stop using employee social security numbers for any purpose not strictly necessary. If you can accomplish that, you've halfway cracked the nut.
Over at their joint blog, Becker and Posner bring a law-and-economics approach to bear on the issue of deterring ID Theft Although the discussion is from last September, it remains interesting stuff. Really, though, how could it not?
The presentation discusses two recent Pennsylvania laws that bear on identity theft as well as the federal "shredder law," all of which place obligations on businesses that maintain confidential/personal information, whether for customers or employees. In addition, the presentation considers a relatively recent negligence case (pdf warning) out of Michigan as a cautionary tale for Pennsylvania businesses that don't take sufficient precautions to guard employees' confidential/personal information. Although the law elucidated in the Michigan case is not yet the law of Pennsylvania, I suspect it may be if and when such a case percolates through the courts. The very bottom line? Businesses should stop using employee social security numbers for any purpose not strictly necessary. If you can accomplish that, you've halfway cracked the nut.Over at their joint blog, Becker and Posner bring a law-and-economics approach to bear on the issue of deterring ID Theft Although the discussion is from last September, it remains interesting stuff. Really, though, how could it not?
