You may have never thought about it, but your employee file holds a lot of your personal information, such as your address, telephone number, Social Security number, and maybe even bank account numbers if you use direct deposit for your paycheck. That's the kind of information identity thieves and others are after. So, who's making sure they don't get it?
The Privacy Act is a federal law protecting the personal information of federal employees that's contained in employment and other records. It sets out what types of employee information may be collected and when and by whom it may be disclosed to other people. A 2010 Kentucky case shows how it works.
A federal investigator was looking into unauthorized computer use by federal inmates at a prison hospital in the state. When the agent left the hospital, he left behind a file folder on a non-government worker's desk containing the names, addresses, social security numbers, home telephone numbers, pay grades, and other personal information of all government employees at the hospital. Later, over 100 of the workers filed a lawsuit under the Privacy Act (and the Federal Tort Claims Act).
The workers claimed the agent and others violated the Privacy Act because inmates and other employees had access to and saw their personal information in the folder. Ultimately, the courts agreed with the workers. Most of them were awarded $1,000 in damages, and given permission to ask for more damages based on "lost time."
Anyone Else Protected?
While the Privacy Act applies to and protects federal workers, many states have similar laws protecting state and local government employees' personal information. However, there are very few legal requirements when it comes to private employers and their workers' records and personal information. There are a few general exceptions, though:
- Employers covered by the Americans with Disabilities Act (ADA) must protect the privacy and confidentiality of medical information of any employee who has a handicap, disability, or impairment covered by the ADA
- Many employers who provide health care benefits to their employees must protect the privacy and confidentiality of their workers' personal health and medical information under the Health Insurance Portability and Accountability Act (HIPAA)
- Government agencies, like the IRS and state taxation agencies, that receive your personal information from your employer are required to keep your information safe and secure
As a practical matter, however, most employers make every effort to protect their employees' personal information, such as by:
- Keeping the records in a secure location, such as a locked filing room, an off-site storage facility, or a secure computer server
- Making sure access to the records is restricted to only those who need it, such as supervisors, human resources personnel, and the employees themselves
- Having a written policy, usually in the employee handbook, detailing how the employer protects employees' information and the employer's responsibility to tell workers about any security breaches
- Keeping a log of who accessed any employee's personal information, when, and why
What You Can Do
No matter if you work for a government agency or a private company, you should ask your boss or human resources department about the security measures in place for personnel files and other records containing personal information. Also, check your employee handbook for details on the system.
If you think your information was accessed by someone, tell your boss or human resources department and take steps to protect yourself against identity theft immediately. If you think the law was broken, such as in the Kentucky case, contact an attorney as soon as possible. The laws are meant to help you get money to pay for identity theft prevention and recovery, as well as to make sure the employer doesn't make the same mistake again.
Personal information is like gold to identity thieves and other unsavory characters out there. You need to do everything you can to make sure your information stays out of the wrong hands, including making sure your employer is taking care of the information it has about you.
Questions for Your Attorney
- Do the people who handle my personal information at work undergo any sort of background screening?
- Under what circumstances might my employer legally disclose my personal information to third parties?
- My employer recently implemented a security screening policy. Must I give my consent for my employer to access my credit report?