On December 1, 2008, we blogged about the risks of insiders improperly accessing personal data belonging to customers and the general public. Last Thursday's Washington Post highlighted the vulnerability of human resources files to misuse by insiders. The Post reported that a human resources worker at the Library of Congress was charged with, and likely entered into a plea arrangement regarding, conspiracy to commit wire fraud. The worker allegedly accessed a Library of Congress database and obtained personal information, including Social Security numbers, of at least 10 Library employees. The information was then passed on to a third person who opened retail charge accounts in the names of the victims. In a separate matter, the Post also reported the sentencing of a former D.C. public schools employee for stealing the identities of 65 job applicants and co-workers to make retail purchases. According to the article, prosecutors stated that the employee's job gave her access to documents containing the names, birthdates and Social Security numbers of employees and job applicants.
These types of incidents are not isolated events. What are you doing to protect the personal information belonging to your applicants and employees?