Identity Theft in the Workplace: Protecting Your Employees-And Yourself

As you have probably heard, identity theft across the nation is growing at an alarming rate, particularly in the workplace. With this upsurge, victims are increasingly looking to recover damages from the companies from which their information was stolen.

What Is Identity Theft?
Identity theft occurs when someone uses the personal information (usually a social security number, name, date of birth, or credit card number) of another fraudulently and without permission. The thief typically uses this information to obtain money, goods, or services, but identity theft is also used to obtain identification cards and other government-issued documents.

Identity Theft – A Growing Problem
According to FBI statistics, identity theft is our nation’s fastest growing crime. In 2004, the Federal Trade Commission, which operates a nationwide identity theft hotline, announced that for the fourth straight year identity theft topped the list of consumer complaints. In 2004 alone, the FTC reported that there were almost 44,000 victims of identity theft in California. With 122 victims per 100,000 people, California ranked third in the nation behind only Nevada and Arizona.

The Legislative Response
Legislative response to the rise in identity theft has occurred on the national and state levels. In 1998, Congress passed a law making it a federal crime to use another’s identity to carry out an activity that violates federal law or that is a felony under state law. Similarly, California law now makes it a felony to use the personal identifying information of another for any unlawful purpose without the authorization of that person. A California statute also requires businesses and government agencies to notify consumers if hackers gain entry to computers that contain unencrypted personal information such as credit cards, social security numbers, and driver’s license numbers. That same statute allows any person injured by a violation of the law to file a civil suit against the company or agency.

Expansion Of Identity Theft Into The Workplace
Initially, stealing mail and wallets was the primary form of identity theft, but recently criminals have expanded to hacking into computers and copying company databases to obtain private information. Two examples illustrate the expansion of identity theft into the workplace. First, in San Diego, a dishonest employee obtained access to a storage room where past payroll information was filed. The employee obtained Social Security numbers from 100 current and former employees and used them to obtain credit in their names. Second, a Nigerian crime ring was employed temporarily at a very large corporation. One of the Nigerian employees downloaded an employee list containing social security numbers, then used the numbers to obtain credit and make fraudulent purchases. The employees did not know about the concerted thievery until they shared stories with their co-workers and learned that many of them had been victimized.

Identity Theft & The Employer – New Grounds For Recovery
Employees and their lawyers are considering potential grounds for recovery of when their personal information is misappropriated from work. Case law is relatively undeveloped, but two theories have materialized as potential grounds for recovery. The first theory is based on invasion of privacy. A short time ago, 204 employees of a Minnesota trucking company filed a class action lawsuit against their employer after their social security numbers were faxed to 16 terminal managers. They claimed that this was an invasion of privacy because the company released personal, confidential information without their permission. The Minnesota Court of Appeals agreed, and overturned a trial court order dismissing the claim. The trucking company sought review of the ruling, and the Minnesota Supreme Court overruled the Court of Appeals, finding that the employer’s dissemination of social security numbers to terminal managers did not constitute publication under the definition of invasion of privacy. Although the anti-employer decision was overturned, the case demonstrates a legitimate possibility that an employer’s failure to guard against disclosure of employees’ confidential information could lead to invasion of privacy lawsuits. The second theory is based on negligence principles. Recently, a Michigan appellate court upheld a $275,000 jury verdict awarded to several 911 operators who were victims of identity theft. The plaintiffs filed a negligence action against their union after discovering that the person behind their identity theft was the daughter of the union treasurer. The union treasurer took private company records out of the office, and her daughter somehow obtained the information and misused it. In upholding the verdict, the court found that the union owed a duty of care to its members, and that identity theft was a foreseeable consequence of a breach of that duty. Although limiting its holding to the facts, the decision signals a wakeup call to employers—take proper steps to ensure confidentiality of your employee’s private information, or be liable for the consequences.

How To Protect Yourself – A Self Survey
For tips on how to avoid or limit liability in the event that identity theft strikes the workplace, check the Identity Theft Resource Center website, accessible at