WEST PALM BEACH, Fla. – Identity theft may be hitting a little too close to the workplace. According to the San Diego-based Identity Theft Resource Center, security breaches at work are a common way for identity thieves to gather information. That places human resource departments, where most employee information including social security numbers and even bank accounts are housed, as a treasure chest ripe for plundering. Consider this: a September 2002 report by credit reporting bureau TransUnion, finds the single most underlying source of identity fraud is the theft of employer records. In general, the Federal Trade Commission reports that more than 750,000 people will be victimized this year alone. In addition to the potential for criminal abuse, identity theft can be devastating to a victim's daily life-and a drain on employee productivity and morale as well. According to a joint study by the California Public Interest Research Group, on average, victims of identify theft and fraud spend 175 hours researching and tracking the crime, 23 months correcting credit reports and $800 in out-of-pocket expenses to restore their financial standing. Recently Patelco CU, Golden Valley FCU and RCU Services Group, a wholly owned subsidiary of Redwood Credit Union, inked a deal with Identity Fraud Inc., a new company that sells products designed to protect corporations and individuals from the consequences of identity theft and fraud. The deal provides members products and services including insurance coverage at a discounted rate. "Unfortunately, despite increasing publicity, identity fraud remains the fastest-growing white-collar crime in the United States. Once people are victimized, they face bogus bills, credit problems, and even criminal acts which each show their devastating effects – very quickly," said Thomas A. Widman, president and co-founder of Identity Fraud Inc. "Protection is more than a good idea; it is becoming a necessity. If we want to stop the rapid growth of identity fraud, we need to take action and reach out to the community with appropriate solutions. These credit unions are leading the way." A recent Ernst & Young LLP survey finds that employers could do a lot more to snuff out fraud in the workplace and employees are willing to help. The survey found that while 80% of respondents would be willing to turn in a colleague, only 43% actually have. With prevention as the key, building employee awareness from within can help deter identity theft in the workplace. ITRC reports that many companies are reluctant to change old practices not only due to the cost involved but also because it might be construed as admitting they were negligent in some way. Simply acknowledging that the world has changed, and therefore security measures must be updated accordingly is a simple way to protect employees and employers alike. Listed below are a few basic tips gathered from such organizations as the National Association for Information Destruction, ITRC and FTC to help thwart identity theft: *Have a written privacy policy and make it part of the new-employee orientation. The policy should be posted in a conspicuous spot and should provide a way for any victim of identity theft, company-related or not, to confidentially report the crime. *Lock up and limit access. Keep personnel files locked in a secure area and limit those who have access to them. Minimize the types and amounts of data you store on employees, dependents and customers. *Don't use social security numbers as employee identifiers, or on insurance cards, claims forms, paycheck stubs, timecards or timesheets, parking permits, staff badges, training program rosters, lists of who got promoted, monthly account statements or client reports. Use alternate, randomly assigned numbers and encrypt sensitive information when in transit. *Ensure that access to computer files is password-protected, and issue employees individual passwords that are regularly changed. Disable employee access to your company data immediately upon termination and audit access to data for suspicious activity. Use encryption software to protect electronic data that's sent and received and install adequate firewall protection to deter prying eyes. *Close external loopholes that can cause trouble and invite crime. It could be as simple as not posting employees' names, e-mail addresses or pictures on your external Web site- the less information criminals have about employees the better. *Shred it. If outsourcing document destruction, require the contractor to provide evidence of employee screening, appropriate insurance, written procedures, access prevention, monitoring and alarm systems, specific particle size and a custodial audit trail. *Check backgrounds on an ongoing basis not just when hiring employees-situations change and so can people. *Toughen scrutiny of third-party vendors and temps. Since it increases the number of people who will have access to personnel data, verify that vendors are just as committed to protecting confidential information as you are. *Consider using temporary workers only in areas where they won't have access to confidential data. [email protected]