If youíve ever had to fight a charge on your credit card you didnít make, or have been the victim of identity theft, youíll know firsthand how traumatic and stressful repairing your account can be. It sometimes feels like youíve been presumed guilty until you prove yourself innocent!
In the workplace, the amount of information we must provide on I-9 Forms leaves us equally vulnerable should the data ever get into the wrong hands. Because employers are required to complete I-9 Forms for every employee, the method by which employers safeguard that information is very critical. While most employers conscientiously secure their I-9 Forms, there are still certain (questionable) methods that will leave you scratching your head. Iíve listed five of these not-so-novel methods below:
1. The Desk Method
Desks come in all shapes and sizes, but one thing remains a constant: finding stacks of paper on them. I-9 Forms left unattended on a desk, available for anyone to see (or take) poses very real risks for the employer and employee. The I-9 Forms may become misplaced, discarded, lost, and putting employers at risk for not having an I-9 record on file for employees. Privacy issues can also arise when the I-9 Forms are viewed by other employees (or individuals) who are not authorized to view it.
2. The Trash Bin Method
Discarded I-9 Forms, intact and placed in trash bins potentially exposes the data found on the I-9 Forms to a host of unknown individuals.
3. The Filing Cabinet or Bookshelf Method
While probably the safest of all the methods indicated so far, an unlocked filing cabinet or bookshelf renders I-9 Forms available to anyone with access.
4. The Outsourced Vendor Method
Outsourced vendors managing your I-9 Forms can be highly beneficial and cost-effective but the hidden danger may be that those vendors also outsource their work (without you knowing). For example, vendors may contract with employers to migrate the data from prior paper I-9 Forms to an electronic format. The actual person(s) performing the data entry, however, may not be employed by the original vendor at all, but by another, outsourced third vendor who may not have conducted background checks on its employees, nor put into place special protocol for physically handling and safeguarding I-9 documents. Your employees (and your) I-9 Forms could very well have sat on a desk, somewhere, unattended for anyone with access to it.
5. The Emailing Method
Emailing I-9 Forms and employee lists or documents to vendors is another head-scratching method of security. If your organization is in the process of migrating paper I-9 Forms to an electronic format, or preparing an I-9 audit through an outside vendor (including attorneys), consider this. Established data security experts do not ask organizations to email documents. Instead, they provide safer alternatives to upload or send documents.
The threat of unintended exposure to I-9 Forms (and other associated documents) is a very real threat in todayís business climate. You can read the story here and more on the data here. Other forms of liability include derivative shareholder actions against organizations as a result of security breaches, the cost of notifying employees of the breach, credit monitoring services, in addition to potential state laws regarding data security breaches.
Originally published by LawLogix Group Inc Reprinted by permission.
Ann Cun is a U.S. based immigration attorney who has helped companies in the technology, science, business, sports, entertainment and arts fields secure complex work visas for their employees. With more than a decade of experience as a paralegal and attorney, Ms. Cun possesses a stellar record of success. Her legal expertise also includes conducting internal I-9 audits for companies and developing I-9 compliant strategies and solutions. She is a graduate of UCLA and UC Hastings School of Law and has been invited to speak by the Bar Association of San Francisco and the American Immigration Lawyers Association on U.S. immigration related topics, as well as other international conferences. Ms. Cun is a contributing author and currently serves as Counsel and Principal Editor for LawLogix Group.