Identity theft happens more often than anyone would like to admit. The Federal Trade Commission estimates that 9 million Americans have their identities stolen each year, causing monetary losses of more than $37 billion.
Many security breaches happen when third-party vendors benefits providers, for example handle employee information. If you outsource any of your HR functions, your employees' data could be at risk. It's your responsibility to ensure your vendors guard against the threat of identity theft.
A good contract with your vendor is your best protection against liability. It should require vendors to:
- Limit the number of people who have access to your data
- Ensure data is encrypted and securely maintained
- Transmit data only in a controlled, protected manner.
Involve your attorney in drafting and reviewing the contract. It should stipulate that the vendor is legally responsible for any data breach that occurs, and that it will indemnify you and your employees for any actions arising from such a breach.
Not surprisingly, vendors are often reluctant to include that type of language in their contracts, but it's critical. Ideally, the contract should obligate the vendor to pay any damages resulting from the data loss, no matter when it occurs.
Note: More vendors are outsourcing services to other countries, where lax law enforcement makes controlling risk more difficult. Negotiate contract language that requires vendors to obtain your approval before moving work offshore.
This article was originally written by The HR Specialist for HR Management
©2015 Business Management Daily. Distributed by Tribune Content Agency, LLC.