Personnel data and Identity Theft

[mwyatt]

Identity theft seems to be a growing problem, made even easier by the resources available on the Web. Given the fact that our pension consulting businesses contain loads of confidential payroll data, including participant names, Social Security numbers, salaries, birth dates, etc., do we have exposure if some nefarious individual(s) get ahold of this data, either through "dumpster diving" or electronic means? What steps do you all take to dispose of confidential information. You see so much data in this business that you tend to forget that much is very confidential and could be put to very devious purposes. What steps (if any) are people taking out there to protect their data? Shredding papers, network protection, firewalls, etc., are all ideas that come to mind. Given that we're "discussing" this on the Web itself, I'm assuming that most of us are sensitive to these issues. How about a discussion about "best practices" with data?

[Lorraine Dorsa]

Good idea!

Our firm shreds all paper trash and uses password protection for both network and pension software. I'm not the network administrator so I don't have the details about our network and internet firewall protections, but I do know security was a concern when we recently upgraded our system.

Re passwords, ours are probably not internally secure--we know or can figure out other employees' passwords. What are other firms like us (10 employees) doing about this?

------------------