Shelley Sawers, wife of the new head of the British Secret Intelligence Service MI6, opened a Facebook account and posted photographs of her family, the location of their home and the identities of several close family friends and associates.

Her husband must’ve been pretty surprised to learn his wife had posted such personal information (as well as pictures of him in his swim trunks) on a social networking site, given that MI6 employees are bound by strict secrecy guidelines.

Mrs. Sawers’ family will most-likely need to be moved and her children may now need extra protection.

The move was not only an embarrassment for her husband, but the British government, which just announced its new “strategy for cyber security,” a cross-government program to address the UK’s cyber security issues.

You may not be head of the Secret Intelligence Service, but how important do you think it is to keep personal information or pictures off social networking sites?

Don’t ask people to e-mail you.

Apparently, spammers have been trolling Twitter to locate fresh e-mail addresses to add to their lists. The common strategy is to use a program that searches the site for phrases like “E-mail me at” or “Contact me at” and automatically copies the address that follows.

Experts recommend keeping e-mail addresses out of Twitter posts. In a post about an open position, for example, instead of giving an e-mail address to send resumes, give readers a link to a listing on a job board or your company’s site.

One in five companies have experienced insider sabotage or security fraud by a member of the IT staff, according to a new survey of 400 IT administrators by CyberArk. Of those companies, 36% say the IT employee delivered privileged information to a competitor.

Overall, 33% of IT workers admit they’ve used their administration rights to access confidential information, such as HR records, customer databases and layoff lists.

To make sure your business isn’t the victim of sabotage or theft, here are some tips experts recommend:

• Perform reference/background checks — Checking applicants’ history is one way to keep out IT staffers who might abuse their access privileges.
• Make sure the rules are clear — IT employees can be more likely to violate policies than other employees because they have a better idea of how to get around technology controls. That’s why it’s important to have rules about who can access what and discipline people who break them.
• Restrict access — Employees should only be able to view data that they need for their jobs.
• Change passwords — Passwords should be changed regularly and be complex enough to stay unpredictable. That’ll reduce the likelihood of unauthorized employees (or even ex-employees) accessing things they shouldn’t.

Probably not, experts say.

The automated Telephone Number Employer Verification (TEVN) system is set to be available in late September, replacing the current operator-assisted hot line.

TEVN will allow employers to verify up to 10 names and SSNs at a time without having to wait to get an agent on the phone.

It’s definitely an improvement over the hotline, but there’s already a system available that lets employers verify more numbers in less time. The online Social Security Number Verification Service (SSNVS) lets employers:

• verify up to 10 names and SSNs with immediate results, and
• upload files of up to 250,000 names and numbers and get results the next business day.

Plus, both SSNVS and TEVN require you to register with SSA’s Business Services Online. So once that’s done, most employers will have little reason to get on the phone.

How exempt employees use their computers while they’re forced to stay home.

Employers have to pay exempt employees for weeks in which they spend any time working — and that may include even small tasks, like checking and responding to e-mail and listening to voice messages.

To avoid getting stuck paying those employees, attorneys recommend having a strict policy against performing those tasks while home. Also, they suggest employers hold on to any BlackBerries, laptops and other devices issue to workers and have managers emphasize that they aren’t expected to check into the office while on leave.

Last week, the IRS announced a proposal to start collecting taxes on employees’ personal use of work-issued cell phones. A few days later, the agency had a change of heart.

It wasn’t a new idea — the taxes are technically already required. A 1989 law classifies personal use of a business phone as a taxable benefit, meaning employees are required to track their calls, text messages, and downloads, and pay taxes on the value of anything not work-related.

But the law was passed when cell phones were bulky, calls were expensive and service was limited. So hardly any employees got phones, and those that did made few personal calls.

Once cell phones became common, the IRS stopped enforcing the law. That stance looked like it was going to change, though, when the agency unveiled a plan to collect the taxes.

To ease the administrative burden of tracking every call, the IRS came up with three other options:

1. Consider 75% of phone use to be work-related, and the other 25% to be personal, across the board. All employees would pay tax on the 25%, regardless of how they used the phone.
2. Let employees prove they have a personal cell phone they can use during work hours. Then they wouldn’t be taxed at all for the work-issued phone.
3. Have employers take a statistical sampling to determine employees’ average personal use.

The IRS announced it would take public comments on the proposals until Sept. 4. But it looks like they got enough already.

Even with the three options, the proposal generated an outcry of protest from IT and accounting staffers worried about dealing with call records; HR and benefits pros concerned about one of their perks diminishing in value; and anyone with a work-issued cell phone who doesn’t want to pay more taxes.

In response, the agency reversed its position. In a statement released last week, IRS chairman Doug Shulman asked Congress to make it clear there will be no tax consequence for employees who use work-related devices for personal reasons.

He said the purpose of the proposal was not to “crack down” on collecting the taxes, but rather to simplify the rules. However, Shulman said in the statement, “the passage of time, advances in technology, and the nature of communication in the modern workplace have rendered this law obsolete,” and keeping it on the books will “inevitably leave widespread confusion among employees and businesses.”

Bills that would repeal the old law have been introduced into both houses of Congress this year. We’ll keep you posted.

The rule’s effective date has been pushed back yet again, this time to September 8.

A regulation requiring federal contractors to use E-Verify was proposed by President Bush in June 2008 and scheduled to go into effect in January. Then, the Chamber of Commerce sued to block the rule, and President Obama moved the effective date back to give the new administration more time to review the reg.

It was then pushed back again — and again.

If the rule ever makes it into the books, it will apply to companies with contracts lasting more than 120 days, valued at more than $120,000 and involving work done in the United States.

Those companies not already using E-Verify will have to:

• enroll in the program within 30 days of being awarded the contract
• start verifying all new hires within 90 days of enrollment
• verify existing employees who are assigned to work on the contract, and
• continue using E-Verify for the duration of the contract.

Several court cases have been raised in which companies are accusing ex-execs of stealing or tampering with electronic info on their way out the door, the National Law Journal reports.

For example:

• Liska v. Motorolla, Inc. – Former Motorolla CFO Paul Liska is suing the company for wrongful termination. Motorolla, on the other hand, is accusing him of destroying evidence related to the firing that was contained on his work computer. The company’s asking the court to force him to reveal what he destroyed, what evidence he has and with whom he shared it.
• Microsoft Corp. v. Mullor – Microsoft is accusing a former employee of stealing trade secrets from a company laptop. The employee was allegedly gathering evidence illegally in order to pursue a patent infringement suit.
• Lasco Foods, Inc. v. Hall – Two Lasco employees quit their jobs to start a competing company. After they left, they refused to return company-issued laptops for several months. Lasco alleges they were copying proprietary information from the computers.

Bottom line: Tampering can come from surprising places.

To prevent electronic theft or sabotage when employees are shown the exits, it’s important for HR to communicate with IT quickly so the tech people can remove user access and complete other key security tasks.

That’s the question at the center of this court fight:

Two women in California are suing their employer after discovering a hidden camera in an office they shared. They claim the company invaded their privacy.

The employer’s explanation:

The company discovered that someone had been viewing pornography after hours on the women’s computers, so it installed a camera in the office.

The women weren’t suspected of wrong-doing, but they also weren’t told about the camera. The company claimed it was only turned on at night and never captured the women on film. In addition, the employer argued the employees had no reason to expect privacy while at work.

A California court agreed the women’s privacy was never compromised because they were never actually filmed. But that decision was overturned on appeal when a judge ruled the possibility that the woman could be watched was enough to let the case move forward.

Now, the state Supreme Court has agreed to hear the suit. We’ll keep you posted.

Cite: Hernandez v. Hillsides, Inc.

HR is a goldmine for confidential personal information that’s often the target of identity thieves. Anyone working in the HR department needs to be careful about keeping that data safe. The first step: secure passwords.

Some tips for passwords that are tough for hackers to break:

1. Use at least 8 characters, with a mix numbers and upper and lowercase letters. When a password’s only made  up of five letters, there are 11.9 million possible combinations. Sound pretty safe? Not when you consider that a password with eight mixed characters has 899.2 trillion possibilities.
2. Come up with nonsense. Many people create passwords out of actual words or phrases, because they’re easy to remember. But those are also easier for hackers to find out.
3. Change it up. Everyone in the HR department should come up with a new password once a month. One tip: Load monthly reminders on your and staffers’ computers.
4. Log off. The best password in the world doesn’t do any good if the user stays logged in constantly. When working with sensitive information, it’s important to log when stepping away even briefly. Otherwise, any passer-by should find a screen full of valuable info.