Lawfully Protecting Confidential Information
Don Schmitz/Human Resource Staffing
The protection of confidential information by companies and individuals must be looked at in a whole different light as a result of new developments in technology.
The media consistently reports on missing computers that lead to identity theft, and on stolen personal and financial information that results in bad credit ratings and ruined reputations, not to mention the cost and time required to correct the situation. According to the Pioneer Press, "In Minnesota, recently, three laptop computers containing private information about 2,400 public employees and private citizens were reported stolen from the offices of Minnesota Auditor, Patricia Anderson."
Currently there are no federal laws that apply to all security breaches, but twenty-three states, including Minnesota, have passed legislation. A new Minnesota law (January 1, 2006) requires all businesses to notify individuals of a security breach if someone has acquired or has inappropriately gained access to personal information. Personal information includes, along with a person's name, any one of the following: a Social Security number, a driver's license number or MN state ID number, or a bank account number or credit card number with a security code that would permit a person to access that account.
Recently, I attended a conference put on by forensic expert Jeremy Wunsch. Wunsch got my attention and inspired me to share what I found to be critical and valuable information for all individuals and especially those controlling access to personal information in their companies. Along with many other suggestions, Jeremy asked us the following four T/F questions:
- Deleted files and email are not truly "deleted" from a computer
- Turning on a computer will destroy forensic data
- Web-based email (yahoo, hotmail, msn...) leaves copies of messages on the computer
- USB drives leave a footprint on the computer after they have been uninstalled
The answer to all four questions: TRUE.
To prevent security breaches, individuals should consider:
- Not carrying your Social Security card, and sharing it only when required to do so
- Not choosing the yes option (button or check box) when your browser asks you whether to remember a password
- Using a shredder for all paper-based personal information (bank statements, bills, receipts, etc.)
- Using initials for your first name and middle name when ordering checks. This way only your bank knows how you sign your checks
To prevent security breaches, companies should consider:
- Implementing security measures for electronic items to protect sensitive information. When employees access the computer from outside the office, consider using VPN and SSL options. Require special security codes to access company personnel information electronically
- Updating employee handbooks to include stronger policies for theft or misuse of confidential company information
- Placing all I-9 information and other personal information under lock and key with controlled access
- Placing electronic devices such as laptops, cell phones and BlackBerrys in secure or locked locations
- Installing new security updates as soon as they become available, to protect your computer from the latest internet thefts
- Maintaining an up-to-date list of ID numbers for all electronic devices
When employees leave your company, change company passwords, and change the hard drives if you suspect a breach of confidential information, or call in a forensic expert.