The data in your employee files -- Social Security numbers, addresses, names of dependents, health records and bank account routing numbers -- have real value to identity thieves.
Identity theft happens more often than anyone would like to admit. The Federal Trade Commission estimates that 9 million Americans have their identities stolen each year, causing monetary losses of more than $37 billion.
Many security breaches happen when third-party vendors benefits providers, for example handle employee information. If you outsource any of your HR functions, your employees' data could be at risk. It's your responsibility to ensure your vendors guard against the threat of identity theft.
A good contract with your vendor is your best protection against liability. It should require vendors to:
Include notification requirements if a security breach occurs. Cite the specific state and federal notification laws the vendor must follow.
Involve your attorney in drafting and reviewing the contract. It should stipulate that the vendor is legally responsible for any data breach that occurs, and that it will indemnify you and your employees for any actions arising from such a breach.
Not surprisingly, vendors are often reluctant to include that type of language in their contracts, but it's critical. Ideally, the contract should obligate the vendor to pay any damages resulting from the data loss, no matter when it occurs.
Note: More vendors are outsourcing services to other countries, where lax law enforcement makes controlling risk more difficult. Negotiate contract language that requires vendors to obtain your approval before moving work offshore.
This article was originally written by The HR Specialist for HR Management
©2015 Business Management Daily. Distributed by Tribune Content Agency, LLC.