It's hard to miss all of the news stories about identity theft these days. Stolen laptops, misplaced backup tapes, hacked web sites-we hear about them all the time. Have you thought about how your company protects its customers and employees from identity theft?
The most valuable piece of personal information that businesses hold is the Social Security Number (SSN). The President's Identity Theft Task Force recently issued some recommendations concerning SSNs, and I would like to share them with you. These recommendations are very basic, but also very powerful.
If your company has already implemented these recommendations, then congratulations! You are ahead of the game. But most of us likely have some work to do. The good news is that these four steps are very simple, but they are very powerful, and taking simple steps like these goes a long way in preventing identity theft.
Faced with an IT quandary? Want the latest buzzword explained or just need to know how a technology works? Send me a line: This email address is being protected from spambots. You need JavaScript enabled to view it.
The most valuable piece of personal information that businesses hold is the Social Security Number (SSN). The President's Identity Theft Task Force recently issued some recommendations concerning SSNs, and I would like to share them with you. These recommendations are very basic, but also very powerful.
- If you don't need it, don't collect it! SSNs are used for all sorts of purposes, and most of them have nothing to do with Social Security or taxes. If you don't absolutely need it for your business, then don't collect it. We all have to collect SSNs from our employees, but keep other SSN collection to a minimum.
- Don't use the SSN as a personal identifier or lookup key. If you identify customers by SSN, use customer numbers instead.If you identify employees by SSN, use employee numbers instead. The only place most businesses need it is for payroll and tax reporting—don't use it for anything else unless you have a good reason.
- Don't show SSNs unless it is necessary. Many customer databases and HR systems will show the SSN on all sorts of screens and reports. Take it off as many places as possible. Where you still need to show it, then mask it if possible. Mask the SSN so that only part of the number is visible, for example xxx-xx-1234.
- When you do show it, only show it to people who really need to see it. For employees, part of your HR department may need it. For customer SSNs, limit access to a small group of people. Otherwise, don't show it.
If your company has already implemented these recommendations, then congratulations! You are ahead of the game. But most of us likely have some work to do. The good news is that these four steps are very simple, but they are very powerful, and taking simple steps like these goes a long way in preventing identity theft.
Faced with an IT quandary? Want the latest buzzword explained or just need to know how a technology works? Send me a line: This email address is being protected from spambots. You need JavaScript enabled to view it.