Actions Employees Can Take If Their Personal Information is Stolen From an Employer By Mark W. Klein, Esq.
-Brody, Wilkinson PC-
Despite innumerable benefits derived from living in an electronic age, inherent risks exist which can have profound and far-reaching consequences for all users of technology.With so much sensitive employee related-information now being stored electronically, employers need to be aware of the associated risks and take precautionary measures to secure employee data and protect employees.Moreover, employers should have a plan in effect to manage a breach in their system, should one occur, and to advise employees on what steps they should take independently in response to an emergency.
If an employer becomes the unfortunate target ofthe theft or its employees personal identity data, employers should advise all company representatives to close their affected bank accounts immediately and open up new accounts to protect other employees from being victimized.Employees should also advised to replace any bank or debit cards associated with those accounts in addition to all passwords and PIN numbers.In doing so, employees need to be instructed not to use their own name, city of residence, mothers maiden name, birth date, last four digits of their SSN # or phone number, a series of consecutive numbers or any other readily obtainable information when creating their new passwords or PIN numbers.If their pre-existing personal information included drivers license information, social security number, or information pertaining to other government-issued IDs, employers should guide employees to contact the Department of Motor Vehicles, local Social Security Administration agency or other appropriate governmental authority to place a fraud alert with those agencies so no third party could obtain such IDs in their name.
In the event of a security breach, employees should remain on guard and watch for any signs of identity theft, such as missing bills or inexplicable credit denials.They should also obtain free copies of their credit report as often as the law allows (which is once per year as well as within 60 days of a credit denial).Employees may also consider placing a security freeze on their credit report, instead of a mere fraud alert.A fraud alert only lasts for 90 days (unless the individual can prove that he or she is a victim of ID theft) and it still allows businesses to access information from the credit report (although they cannot open new accounts).A credit freeze is more secure because there is no time limitation and no entity is allowed to access any information from the credit report unless the individual temporarily lifts the freeze.The state of Connecticut allows individuals to place a freeze on their accounts (for a $12 fee plus $10 every time the freeze is lifted).In addition to the cost, another condition to be aware of is that it can take up to three days to lift a credit freeze.The intention of this process is to prevent instant credit decisions.
The Federal Trade Commission (FTC) also recommends filing a complaint with the FTC (since the federal government also has jurisdiction over these crimes) and a police report, even if the information has not yet been used to the individuals detriment.The filing of these reports will facilitate communications with creditors, especially if the information is used to commit a crime months or years later.
If the local police department will not prepare an Identity Theft Report because it has no jurisdiction (or because a crime did not occur), the FTC recommends filing a miscellaneous incident report with local or state police.If a crime occurred, the Connecticut Office of the Attorney General recommends that victims contact its Hartford office for possible investigation.
Finally, it is a good idea for employees to record a written chronology of the incident and personal actions taken.Detailed information of this nature is useful in the event that the experience results in a future crime.