Employers forced to fight ID theft
February 2, 2009 by Sam Narisi
Filed under: Document retention, In this week's e-newsletter, Latest News & Views, Security and law
Filed under: Document retention, In this week's e-newsletter, Latest News & Views, Security and law
As identity theft becomes a bigger problem, state governments are giving more crime-fighting responsibility to organizations that store people’s personal info — including employers.
One example: New Jersey’s Identity Theft Prevention Act. Passed in 2005, the law requires businesses to notify individuals if their personal data has been compromised and limits the ways business can use or collect social security numbers.
Now, the state has proposed new regulations clarifying the steps employers must take to prevent identity theft. Under the new regs, employers will be required to:
- develop a “comprehensive written information security program” to protect against unauthorized access of personal information
- regularly test their security procedures to make sure the info continues to be safe
- ensure that all applicable vendors maintain information security standards, and
- inform state police — as well as the individuals who could be affected — if any confidential information is lost or stolen.
Other states have passed similar laws in the past few years. Check the regulations in your state to make sure your company is following all the rules.
