Thursday, December 10, 2009

When Personal Information Gets Out

My company sent around an e-mail today that let us know our benefits administrator inadverently sent out personal benefits enrollment information (including Social Security numbers) to the Human Resources department of another client.

Now that the damage has been done, what can the company do to make it right? The benefits administrator is sending a letter home to all of us explaining the mistake and also offering one free year of credit monitoring. But is that enough?

One co-worker who had learned about this type of situation in her past job said that this was insufficient: "Thieves sit on the information for a while due to the fact they know people will be monitoring and then start using when they think the coast is clear--usually after one year."

Now "luckily" this information was only sent to a another Human Resources department and the e-mails were supposedly all deleted without being read. But what if this was accidentally (or purposefully) sent to people who were not as honest? Not only is the associates' information at risk, but their families who are enrolled in the benefits are at risk as well.

This just goes to the heart of the issue: make sure that all safeguards are in place to assure that your employees' personal information never gets into the wrong hands. And if it does somehow get into someone else's hands, you need to make sure there are measures in place to correct the situation.

Do you think that our benefits administrator has done enough in this situation? What do you think they could do more (another year of monitoring, etc.)? What measures does your company have in place for this type of situation?

No comments:

Post a Comment