Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.

Error message details.

Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.

How can I ensure my company protects personal employee information?

Companies must ensure that there are safeguards in place to protect personal employee information from theft. Identity theft has become a top consumer fraud issue, and the Federal Trade Commission (FTC) reports that identity theft tops the list of consumer complaints that are reported every year. Every employer maintains records that are at risk of theft and misuse; therefore, employers should develop processes that protect this sensitive employee information.

Employers can minimize the risk of inadvertent disclosure of employee information by implementing the following practices:

  • Undertake periodic audits of record-keeping processes to evaluate the safeguarding of employee records.
  • Develop a written records retention policy that identifies what information must be kept and for how long.
  • Shred all discarded employee information, including information on temporary workers, contract employees and former employees.
  • Secure physical records and limit access to employee information to those with a legitimate business need.
  • When using digital copiers, use the security features available such as encryption or overwriting as sensitive information that is copied can be retained on the copier hard drive.
  • Employ or contract with trained IT professionals to ensure security of network servers and evaluate the systems used to manage e-mail, Internet use, etc.
  • Designate someone to handle legitimate inquiries for employee information. Require a signed release from employees before verifying any information and confirm only the information that is needed.
  • Collect only essential personal information from employees.
  • Use the Social Security Number Verification Service through the Social Security Administration to ensure accuracy of employee Social Security numbers.
  • Avoid using Social Security numbers as a form of identification for either employees or customers.
  • Request health insurance carriers to use different numbers (rather than Social Security numbers) on health insurance cards.
  • Encourage employees to protect their own personal information at all times, even at home, and to keep only necessary personal information with them while at work.
  • Have a plan ready and in position to act quickly should a theft or data breach occur.

Employers should remain abreast of state and federal employee record-keeping responsibilities. Some states have enacted laws related to the protection of Social Security numbers of employees. For international employers, the European Union has enacted new data standards that include the protection of employee records.  

The FTC publication Protecting Personal Information: A Guide for Business is a good starting point in understanding an employer's responsibilities for protecting personal employee data. 


​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.