FACTA stands for Fair and Accurate Credit Transaction Act. The law went into effect Jan. 1, 2005. FACTA is the law which allows all Americans access to their credit report once per year. So what does that have to do with you?
On June 1, 2005, a new provision of FACTA went into effect. It says that any employer (even if you only employ one person) whose action or inaction results in the loss of employee information, can be fined by federal and state government, and sued in civil court. Bet you didn't know that. But you need to know, and need to know what you can do to protect yourself.
Small Businesses will be affected the most.
‘"A small businessman who makes a mistake could bear the brunt of a regulation like this, " says James Plummer, policy analyst at Consumer Alert, a non-profit group that focuses on a free-market approach to consumer regulations. ’
If you don't shred and information gets out, there are penalties. But what if you do shred all potential employee information, and take all necessary precautions to protect your past, current, and future employees’ identities, and the information still gets out somehow? Under FACTA, you could still be held responsible.
You may not think information theft could happen to you, but neither did a lot of companies, universities, government institutions, and businesses that have had employee or customer information stolen from them that have been in the news lately:
University of Northern Colorado
California State University (Chico)
University of California – Berkeley
University of Maryland
Las Vegas Department of Motor Vehicles
Bank of America
Weld County (CO) Employees (information stolen by an inmate while in jail)
How can you, as an employer, minimize your liability?
There are hundreds of things you can do to minimize liability, which are probably things you already do. Document shredding, careful screening of employees who will be coming into contact with personal information of customers and employees, physically locking file drawers with sensitive information, and setting up firewalls on computer equipment connected to the Internet, among hundreds of other solutions, are all good ideas.
As Ben Franklin said, “An ounce of prevention is worth a pound of cure”, is definitely the case when it comes to securing personal information. However, no matter what prevention steps you take, there is no 100% effective way to be sure that employee’s information won’t be compromised. Even if the information doesn’t get out from your company, an employee can claim that it did.
That's a scary thought! What if an employee claims that their information was stolen through the actions of your company, but there’s no real proof to back it up? You will end up hiring (or using) an attorney to represent and defend you and your company in court. At $200 - $400/hour for most attorneys across the United States, how long can you afford to defend your company?
So what can you do?
One solution that would at least provide an affirmative defense against the fines, fees, and lawsuits you could incur as an employer, is to offer some sort of Identity Theft protection as a benefit to your employees.
As an employer, you can choose whether or not to pay for this added benefit. However, the most important thing you can do is to make the protection available, and have an employee meeting, to help employees understand Identity Theft and the protection that you are making available to them. When you make the protection available, and when your employees have been educated on the dangers of Identity Theft, they can either elect to have identity theft coverage as a benefit, or they can decline the coverage as a benefit.
If the employee has Identity Theft coverage and becomes a victim, it is beneficial to your business, because an employee with Identity Theft coverage will be notified immediately of the theft, spend less time, less money, and will experience less frustration while trying to have their information restored. This will get them back on the job and focused on work more quickly.
If the employee declines the coverage, and later claims that the information was stolen as a result of you or your company’s actions, you have a piece of paper, with their signature, saying that they attended the presentation and declined the coverage.
Choosing to not make Identity Theft coverage available leaves you exposed to an unlimited dollar amount that you can be sued for under civil liability, federal fines of up to $2,500.00 per employee per incident, and state fines of up to $1,000.00 per employee per incident.
Recommended course of action? Have a benefits consultant who offers an Identity Theft protection plan present to your employees. Help them set up a 20 minute presentation with your employees, and make it mandatory that all employees attend. You want your employees to be protected from this awful crime. If they choose not to be, but you’ve given the option of being protected, then the liability becomes theirs, not yours, when they become a victim of identity theft.
About the author: Steve Mueller has over 25 years of human resource experience. He has worked in various fields of human resources; as a Trainer for Cooper Industries, Compensation and Management Development Manager for Zenith Electronics, Plant Personnel Manager for a motor manufacturing company and Benefits Manager for a multi-location distribution company. Steve holds a bachelors of science degree in education from Pittsburg State University. He has taught numerous adult education classes and seminars in the community. Steve has received community service awards for his participation in elementary school child safety programs. http://www.solutionsplan.com