As retail stores fight to compete with ecommerce and ICE increases I-9 audits, employers should be aware of potential risks and penalties relating to unsecure employee personal information and HR documentation.
(Santa Clara, CA) October 17, 2018 — In what some have called the “retail apocalypse,” many brick and mortar stores are closing or going bankrupt due to the relentless growth of ecommerce. These closings leave open the possibility that testy employees may bypass regulations regarding protecting Personally Identifiable Information (PII) and create an immense data security problem in the process. One such store was Toy’s R Us where 735 locations were closed resulting in thousands of layoffs.1 At one of the closed locations filing cabinet drawers were left open with employee’s private information strewn about on the floor. The hundreds of folders contained sensitive employee records relating to their hiring, work history, medical information, tax and payroll information, and even photocopies of I-9 (Human Resource) documents such as a driver’s license and Social Security card.2,3 To avoid such a security debacle, as well as legal penalties, Accu-Image, an industry-leading document and information management firm stresses the need for companies to use a digitized record-keeping system to keep their employee PII and I-9 documents protected.
The writer of a blog for Hackaday, who had visited the newly closed Toys R Us store in his city, described what he saw as ‘quite disturbing” because merchandise was missing, security cameras were broken, and most disturbing, the personally identifiable information laid bare. The first thing he saw upon entering the room was a photocopy of one woman’s driver’s license and Social Security card sitting on a table.2
The implementation of data breach regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) reflect the overall shift toward protecting PII. Even if a store closes, or goes bankrupt, such as Toys R Us, the company still has legal and moral obligations with regard to protecting employees’ PII.3
Human Resource document accuracy and privacy is presently under a microscope, spurred on by increased Immigration and Customs Enforcement (ICE) I-9 audits in 2018. Tampered or breached employee documents can cost a business (bankrupt or not) financial penalties.
Monetary penalties for substantive and uncorrected technical paperwork violations for HR documents range from $220 to $2,200 per violation.4
“Paper PII and HR documents can be subject to exposure to unauthorized people, as well as alteration or even forgery,” says Larry Bennett of Accu-Image. “A secure digitized record-keeping system keeps the original employee documents under ‘lock-and-key,’ decreasing the chance of tampering and maintaining the genuine integrity of records.”
Regardless if a store closes, goes bankrupt, or is still open, management is responsible for all employee records and may be subject to legal action if employee rights are violated.6
Employers can take the following steps to limit unlawful disclosure of PII and HR data:
- Review all service agreements with your employee benefit plan vendors for privacy/confidentiality provisions.
- Review your internal practices regarding the flow and protection of sensitive information.
- Use a secure digitized record keeping system to avoid tampering.
- Avoid using employee social security numbers as employee identification numbers.
- Ensure that employee medical information is maintained in separate, digital files.
- Store personnel documents containing private information (e.g., consumer reports, I-9 forms, wage garnishment documents, credit card information, mortgage application inquiries, reference check results and pre-employment or drug testing results) in confidential digital files separate from personnel files.
- If personal information of employees is kept in an electronic format, ensure that the data is stored in a secure computer system, limit access to such data, and take precautions to ensure that such data cannot generally be taken off-site.5
Bennett of Accu-Image stresses, “Having PII and HR documents in compliance with employee record-keeping laws and secure in a digitized record-keeping system adds a safety net to help avoid, not only problems for employees, but potential legal ramifications for employers.”
Accu-Image, headquartered in Santa Clara, CA., has been servicing corporate America since 1988. It is a document processing firm that specializes in helping clients with the storage and retrieval of paper documents and managing of information. They provide tailored, automated workflow solutions that include the digitizing, streamlining and automation of documents, invoice processing and accounting processes. Over the past thirty years, their document and information management services have been used by some of the world’s biggest brands across a multitude of industries from education to health care to public utilities and more. For more information visit https://accu-image.com
Karla Jo Helms
- Stebbins, Samuel, and Michael B. Sauter. “Retailers Closing the Most Stores.” Com, 24/7 Wall St., 23 July 2018.
- “Exploring an Abandoned Toys ‘R’ Us.” Hackaday, 18 Sept. 2018.
- The Security Risks Posed by Old Paper Work.” Total Security Daily Advisor, 26 Sept. 2018.
- Bahal, Alka. “Employers Beware: ICE Is Ramping Up I-9 Audits To Record Levels.” Pinterest, 26 July 2018.
- Disclosure of Employee Personal Data: What Are an Employer’s Legal Obligations?” Publications | Insights | Faegre Baker Daniels.
- I9ADVANTAGE, January 4, 2016. “I-9 Audits | Form I-9 Audit Information.” Advantage, The Confidence of Complete Compliance, i9advantage.com/i-9-e-verify-resources/news/i-9-audits/ice-fines1.