“Prevent Identity Theft with Responsible Information-Handling Practices
in the Workplace” (Givens)
In “Preventing Identity Theft,” Givens states that there are basically two parties which must take action to prevent identity theft: the consumer and the collector of information. This article concerns responsible information handling methods in the business arena. Givens states that employers place sensitive information at risk by not properly screening dishonest employees and by not implementing adequate safeguards for information.
Givens suggests and describes fourteen measures to take to safe guard information in the workplace. Though each of these measures is important, I found several to be quite poignant and will comment on them.
Institutions should adopt a comprehensive privacy policy that includes measures to be taken to safeguard information. In addition to the policy, a specific person should be identified as responsible for the policy. This additional step to the policy puts a face to the policy for me and offers a person to call or consult regarding sensitive information. It also heightens importance and awareness. This seems more effective than requiring employees to read legal jargon they can barely decipher and then click “I understand and will comply.” Employees may click “yes” because they cannot work unless they do. I do not believe that agreement with the policy infers understanding it or its importance and ramifications. The personal addition is an excellent idea.
Institutions should dispose of documents carefully. I am impressed with how critical this is. It is also very costly. Cost is passed to the consumer. Our society is paying heavily to safeguard against sensitive information and identity crimes. I wish there were effective methods to prevent these crimes from being possible at all.
Givens suggests that data access should be restricted to a needs basis only. This restriction serves as means of keeping employees focused to their own work product and record. It limits the number of individuals who have access to the entire record; there are fewer individuals to track. It protects consumer privacy by disallowing “the dots to be connected” by a large number of employees. This is a very effective method of securing information.
Regular auditing of compliance as well as informing employees that they will be regularly audited, lends itself to a culture of safety awareness. Auditing of individuals is not personal, but institutional policy. It applies to each employee. Security of the product or protection of the sensitive record and the person it represents is the goal.
Work Cited
Givens, Beth. “Prevent Identity Theft with Responsible Information-Handling
Practices in the Workplace.” Privacy Rights Clearinghouse. March 2004.
14 Nov. 2008. <http://www.privacyrights.org/ar/PreventITWorkplace.htm>.
.
No comments:
Post a Comment