|6/11/2005 – Employers must guard private data|
Q: I work for a financial company. When I was hired, I agreed that the company could conduct a background check. I am worried about identity theft, and I know my employer has this private information about me in my personnel file. Are there laws about protecting my information so it can’t be discovered or used by someone else?
A: California law requires employers to protect confidential information about their employees. New rules under the Fair and Accurate Credit Transactions Act (FACT Act) require that employers properly dispose of documents — including those that contain consumer information — and is aimed at reducing identity theft. It was signed into law on Dec. 4, 2003, and became effective June 1.
Consumer information is broadly defined in the act: It includes any record about an individual, whether in paper, electronic or other form, that is a consumer report or is derived from a consumer report.
If your employer maintains information about you, including credit information, criminal background or other information obtained through a background check, either on paper or on electronic media, the act requires your employer to institute reasonable measures to properly dispose of the information. What is considered reasonable will vary depending on the employer, the cost and benefits of available disposal methods, and the sensitivity of the information involved.
The act explains some of the reasonable measures an employer may take to protect information against unauthorized access or use. Examples include:
• Implementing policies and procedures that require burning, pulverizing or shredding of papers — or destruction or erasure of electronic media — containing consumer information so information cannot be read or reconstructed.
• Entering into a contract with an information disposal company.
Other suggestions for employers include:
• Implementing disposal methods and office-wide procedures for separating print and other media that contain consumer information from regular office refuse.
• Consulting with a computer specialist about how best to dispose of electronic information.
• Informing employees who have access to consumer information about the new law and the importance of compliance.
• Coordinating proper disposal of confidential information with procedures regarding record retention.
The goal is to make sure that no one can read or gain access to information after it is disposed of by an employer. While employers have become accustomed to protecting confidential information, they now need to take the next step to ensure their disposal methods continue that protection through destruction of confidential information.
There are severe penalties for failure to follow this new law. An employee can recover actual damages for all damages incurred from identity theft. An employer may be liable for statutory damages of up to $1,000 per employee, and the federal government can fine the employer up to $2,500 for each violation.
Jacqueline McManus is a lawyer with the Fenton & Keller law firm in Monterey. This column is intended to answer questions of general interest and should not be construed as legal advice. Mail queries to “Workplace Law,” c/o The Monterey County Herald, P.O. Box 271, Monterey 93942.
paper shredding services