The Dual Peril of Identity Theft
Cases of identity theft are on the rise, presenting employers with a twofold challenge – protecting both worker and customer information. Although there’s some dispute about the exact extent of the problem, there’s little doubt that ID theft is a serious peril to the bottom line.
Javelin Strategy & Research reports that in the U.S., 9.3 million people were victims of ID theft in 2004 (Wegner, 2005). However, the Federal Trade Commission (FTC) argues that many of those nearly 10 million cases are check fraud, credit card theft and other violations – not what most consider ID theft. So far, about 160,000 victims have reported their cases to the FTC’s Identity Theft Data Clearinghouse (Carnahan, 2005).
Fifty to seventy percent of ID theft cases happen in the workplace, claims Judith M. Collins, a professor of industrial and organizational psychology at Michigan State University. In the past, employees mainly stole merchandise, but now some are stealing information as well. Thieves focus on finance and healthcare sectors because these sectors handle sensitive information. She notes that most inside ID thieves operate in groups and tend to be contract or temporary workers in entry-level positions (“Most Identity Theft,” 2005).
ID theft also occurs via information technologies. For example, over 200,000 customers were victimized when their personal information was stolen through ChoicePoint and Lexis-Nexis in 2004. ID thieves are joining forces to create organized, and often international, businesses to sell information online, sometimes in specialized chat rooms, the U.S Department of Justice reports (“What’s in a Name?” 2005).
There’s even a relationship between ID theft and drugs. According to some reports, methamphetamine addiction is sparking ID theft operations. Drug suppliers trade meth for data gleaned by addicts who gather information by pickpocketing, mailbox thievery or other means (Sullivan, 2004).
When employee or customer data is compromised, the fallout is serious. Workers lose time trying to restore their credit, which is crucial for those trying to qualify for home or car loans. ID theft can also spark a mass customer exodus and loss of sales. Fear of ID theft is prompting millions of U.S. customers to change banks and quit buying merchandise online. Financial Insights reports that even before several major ID theft cases occurred in 2005, 6% of surveyed customers changed banks and 18% quit buying products online because they questioned the security of personal information. These percentages translate into a total of 12 million and 39 million individuals, respectively, nationwide ( Chu, 2005).
Another concern is that a Michigan jury has opened the door to making companies liable for failing to maintain the privacy of personal information, according to attorney Philip Gordon of the Littler Mendelson law firm. The jury awarded $275,000 to Michigan employees whose union, the American Federation of State, County and Municipal Employees, failed to protect their drivers’ licenses and Social Security numbers. State lawmakers across the country are also crafting new laws and codes intended to guard against identity theft, often by creating new obligations for employers. Some of these laws are intent, for example, on making sure employers do a better job of safeguarding employees’ personal information (Cadrain, 2005).
So how can employers respond? Many companies are revamping operations to protect employee data. One primary safeguard is restricting the use of Social Security numbers on timesheets, forms and computer user IDs. Of 419 respondents to a SHRM survey, 95% keep workers’ personnel files under lock and key and restrict access and 54% maintain written privacy policies to protect employee data, but only about a quarter teach fraud prevention and just a fifth address how to respond if a breach of security occurs (“What to Do Now,” 2004).
Paper shredders have also become standard equipment in many offices and homes. Annual shredder sales to both businesses and homes increased 20% to 25% each year between 2002 and 2004, according to the School, Home & Office Products Association. Professional shredding businesses are booming as well (Carnahan, 2005).
ID theft coverage is also emerging as an employee benefit and may be an inexpensive way to help workers rebound. Average per-employee costs range from only a few cents to $2 a year, according to St. Paul Travelers (Santosus, 2005).
It’s crucial for employers to be aware of the risks they face from the workforce and from outside attackers. It may help to imagine the worst-case scenario and devise a response plan to aid employees or customers in such an event.
Documents used in the preparation of this TrendWatcher include:
Cadrain, Diane. “Employer Liability for Identity Theft May Be Growing.” HR News [www.shrm.org]. May 2, 2005.
Carnahan, Ira. “Shredder Nation.” Forbes. ProQuest. April 25, 2005, p. 42.
Chu, Kathy. “Banks and Online Retailers Lose Customers to the Fear of ID Theft.” Wall Street Journal Online [Dow Jones Newswires] [online.wsj.com]. March 24, 2005.
“Most Identity Theft Occurs at Workplace, but Employers Can Reduce It, Professor Says.” Human Resources Report, January 24, 2005, p. 77.
Santosus, Megan. “ID Insurance a New HR Benefit.” CIO Magazine [www.cio.com]. May 15, 2005.
Sullivan, Bob. “The Meth Connection to Identity Theft.” MSNBC.com [www.msnbc.com]. March 10, 2004.
Wegner, Jonathan. “ID Theft Insurance Scrutinized.” Omaha World-Herald, April 7, 2005, pp. 1D, 2D.
“What’s in a Name?” The Economist, March 5, 2005, p. 62.
“What to Do Now to Protect Employees from Identity Theft.” HRfocus, October 2004, p. 8.
Javelin Strategy & Research reports that in the U.S., 9.3 million people were victims of ID theft in 2004 (Wegner, 2005). However, the Federal Trade Commission (FTC) argues that many of those nearly 10 million cases are check fraud, credit card theft and other violations – not what most consider ID theft. So far, about 160,000 victims have reported their cases to the FTC’s Identity Theft Data Clearinghouse (Carnahan, 2005).
Fifty to seventy percent of ID theft cases happen in the workplace, claims Judith M. Collins, a professor of industrial and organizational psychology at Michigan State University. In the past, employees mainly stole merchandise, but now some are stealing information as well. Thieves focus on finance and healthcare sectors because these sectors handle sensitive information. She notes that most inside ID thieves operate in groups and tend to be contract or temporary workers in entry-level positions (“Most Identity Theft,” 2005).
ID theft also occurs via information technologies. For example, over 200,000 customers were victimized when their personal information was stolen through ChoicePoint and Lexis-Nexis in 2004. ID thieves are joining forces to create organized, and often international, businesses to sell information online, sometimes in specialized chat rooms, the U.S Department of Justice reports (“What’s in a Name?” 2005).
There’s even a relationship between ID theft and drugs. According to some reports, methamphetamine addiction is sparking ID theft operations. Drug suppliers trade meth for data gleaned by addicts who gather information by pickpocketing, mailbox thievery or other means (Sullivan, 2004).
When employee or customer data is compromised, the fallout is serious. Workers lose time trying to restore their credit, which is crucial for those trying to qualify for home or car loans. ID theft can also spark a mass customer exodus and loss of sales. Fear of ID theft is prompting millions of U.S. customers to change banks and quit buying merchandise online. Financial Insights reports that even before several major ID theft cases occurred in 2005, 6% of surveyed customers changed banks and 18% quit buying products online because they questioned the security of personal information. These percentages translate into a total of 12 million and 39 million individuals, respectively, nationwide ( Chu, 2005).
Another concern is that a Michigan jury has opened the door to making companies liable for failing to maintain the privacy of personal information, according to attorney Philip Gordon of the Littler Mendelson law firm. The jury awarded $275,000 to Michigan employees whose union, the American Federation of State, County and Municipal Employees, failed to protect their drivers’ licenses and Social Security numbers. State lawmakers across the country are also crafting new laws and codes intended to guard against identity theft, often by creating new obligations for employers. Some of these laws are intent, for example, on making sure employers do a better job of safeguarding employees’ personal information (Cadrain, 2005).
So how can employers respond? Many companies are revamping operations to protect employee data. One primary safeguard is restricting the use of Social Security numbers on timesheets, forms and computer user IDs. Of 419 respondents to a SHRM survey, 95% keep workers’ personnel files under lock and key and restrict access and 54% maintain written privacy policies to protect employee data, but only about a quarter teach fraud prevention and just a fifth address how to respond if a breach of security occurs (“What to Do Now,” 2004).
Paper shredders have also become standard equipment in many offices and homes. Annual shredder sales to both businesses and homes increased 20% to 25% each year between 2002 and 2004, according to the School, Home & Office Products Association. Professional shredding businesses are booming as well (Carnahan, 2005).
ID theft coverage is also emerging as an employee benefit and may be an inexpensive way to help workers rebound. Average per-employee costs range from only a few cents to $2 a year, according to St. Paul Travelers (Santosus, 2005).
It’s crucial for employers to be aware of the risks they face from the workforce and from outside attackers. It may help to imagine the worst-case scenario and devise a response plan to aid employees or customers in such an event.
Documents used in the preparation of this TrendWatcher include:
Cadrain, Diane. “Employer Liability for Identity Theft May Be Growing.” HR News [www.shrm.org]. May 2, 2005.
Carnahan, Ira. “Shredder Nation.” Forbes. ProQuest. April 25, 2005, p. 42.
Chu, Kathy. “Banks and Online Retailers Lose Customers to the Fear of ID Theft.” Wall Street Journal Online [Dow Jones Newswires] [online.wsj.com]. March 24, 2005.
“Most Identity Theft Occurs at Workplace, but Employers Can Reduce It, Professor Says.” Human Resources Report, January 24, 2005, p. 77.
Santosus, Megan. “ID Insurance a New HR Benefit.” CIO Magazine [www.cio.com]. May 15, 2005.
Sullivan, Bob. “The Meth Connection to Identity Theft.” MSNBC.com [www.msnbc.com]. March 10, 2004.
Wegner, Jonathan. “ID Theft Insurance Scrutinized.” Omaha World-Herald, April 7, 2005, pp. 1D, 2D.
“What’s in a Name?” The Economist, March 5, 2005, p. 62.
“What to Do Now to Protect Employees from Identity Theft.” HRfocus, October 2004, p. 8.