Magazine article Risk Management

Identity Theft and Employer Liability

Magazine article Risk Management

Identity Theft and Employer Liability

Article excerpt

The Federal Bureau of Investigation calls identity theft an "increasingly insidious and pervasive problem" that can threaten virtually anyone. More ominously, identity theft "costs American businesses and consumers a reported $50 billion a year, causes untold headaches for an estimated 10 million U.S. victims annually, and even makes it easier for terrorists and spies to launch attacks against our nation."

As identity theft continues to grow as a crime and a social, financial and security concern, questions of liability become more crucial. In light of the criminal and social considerations, the litigious environment of the United States, and existing and emerging laws concerning corporate responsibility for the protection of personal data, commercial entities have begun to take actions of their own to protect the data of their customers and, increasingly, their employees.

A closer examination of the personal impact of identity theft reveals why it is a growing concern among corporate risk managers.

Consider this scenario: An employee of an American company is sent to Monterrey, Mexico, by her company to study the capabilities of an IT service provider. While in Monterrey, she uses her company credit card to pay for her hotel, food and local transportation expenses. She also uses a personal credit card to purchase some gifts for her family back home. Her business in Mexico completed, she returns to the United States.

One month later, her credit card bills arrive and sit on her home desk for two weeks until she makes the time to address them. As she scans the charges from her trip--now six weeks in the past--she notes a $50 charge from a Monterrey financial institution with a name that she does not recognize. Her personal credit card company advises her it is probably just a processing transaction related to a purchase from her recent trip and agrees to reverse the charge. She then pays the bill and gets on with her busy life. On her next personal credit card statement, four mysterious charges from various Caribbean islands appear totaling $800 dollars. Ten weeks after her trip to Mexico, she comes to terms with the fact that her identity has been stolen.

In this scenario, our hypothetical victim is fortunate. Her potential losses are only in the hundreds of dollars, and it took her less than three months to discover the theft. A more common scenario would involve thousands of dollars and possibly take six months to discover. More alarmingly, a typical identity theft victim can spend up to 600 hours to resolve a single case of identity theft over the course of a year, according to a survey conducted by the nonprofit Identity Theft Resource Center.

The customer service required to help consumers resolve issues related to identity theft is fairly sophisticated. Subsequently, many credit card companies and credit reporting agencies cannot provide these high-level services on a 24/7 basis. So individuals often must take time during the workday to resolve these issues. This reality creates a connection between identity theft and employee productivity. Given the FBI's estimate of 10 million U.S. identity theft victims each year and the workday time each of them will likely spend resolving this victimization, the potential productivity losses become significant. Productivity losses, however, are not the only concern related to identity theft among corporate risk managers.

An Inside Job

Personal data losses occur in a number of ways. Personal information can be stolen via the Internet when online transactions are made. Identity theft can also occur when there is some kind of personal connection between the thieves and their victims. For employers, a more critical concern is when identity theft can be tied to the action of employees, which one recent study said accounted for some 16% of identity theft cases.

Perhaps the best known case involved the loss of up to 26 million personal records from the U. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.