In recent years identity protection has become an increasingly big deal. Specifically, the handling of Social Security Numbers (SSNs) by companies has been reworked in a number of states in order to better safeguard their employees against identity theft. The sudden concern arose primarily due to companies putting employee’s financial information at risk for years by asking for SSNs in places they really do not need to be. Identification cards, employment applications, pay stubs, mail, or even the electronic transmission of SSNs via the internet all unnecessarily heighten the risk for identity theft. With today’s criminals consistently finding new ways to exploit inadequate security systems, it’s important that companies and employers strive to cut down on excessive exposure of sensitive information.
In most states across the U.S. it is illegal to do the following:
- · Publicly display or post more than the last four digits of SSNs.
- · Print SSNs on employees’ badges, parking permits or timecards.
- · Require people to use their SSN to access a website unless encrypted or over a secure connection. Getting lanyards for conferences is a good idea so one doesn’t lose their ID.
- · Use more than the last four digits to access a website unless a password or other unique identifier is also required.
- · Use more than the last four digits of an SSN as an employee number.
- · Send SSNs through the mail, unless the documents are applications or other such forms; and then SSNs must not be visible through a windowed envelope.
- · Keep unsecured files containing SSNs and allow non authorized personnel access to such files.
The California Office of Privacy Protection has put together a set of recommendations, click here, for any entities who wish to tighten up their SSN practices.