Workplace identity theft: protecting employee information.

• Author: Sergeant, Deborah Jeanne
• Position: TECHNOLOGY

When identity theft comes to mind, you may think of a credit card offer stolen from your trash or a computer hacker breaking into your system, but probably not your company's personnel files. Considering all the private information they hold, personnel files are a gold mine to identity thieves, enabling them to cause all kinds of financial havoc for employees.

Although the Anchorage law firm of Burr, Pease & Kurtz hasn't seen many cases in this area, managing shareholder and attorney Thomas Owens said: "Federal statutes take this sort of thing very seriously. It basically says employers have a responsibility when it comes to personal medical information or personal identifiers. You have an obligation to store securely and dispose of them so that it doesn't fall into the wrong hands."

Recognize what information should be protected to prevent identity theft. The top three personal identifiers are name, date of birth and Social Security number. Armed with these, an identity thief can apply for credit cards, take out loans and create fake IDs.

Employees' home addresses, phone numbers, emergency contact (usually a spouse or parent), and work and educational history could also be valuable for thieves, as these could give clues to passwords or enable thieves to tap into bank accounts.

Health insurance policy information can be valuable to a thief who could request new cards sent to his address and steal the employee's health benefits to cover his own medical needs.

If your company performs credit checks, employees' credit history could provide thieves with numbers of closed accounts they could reopen and siphon dry. If you run drivers license checks, a scanned or copied license could offer thieves even more information they could use for a variety of nefarious operations.

FIX LAX SECURITY

Identify where the security in your company is lax and fix the breach. Lock the building when no one's there and secure the area where you store vital information.

The computer system should be password protected and guarded by up-to-date virus protection, a firewall and a secured wireless network to keep hackers out.

"One of the easiest ways is to contact an IT firm that specializes in security and have them do an audit," said Scott Thorson, CEO of Network Business Systems in Anchorage. "We look at how they're connected to the Internet. That's where the largest number of threats come from. We were getting about 5,000 to 7,000 unauthorized requests for access a...