Skip to main content
  • Foundation
  • Executive network
  • CEO Circle
  • Enterprise Solutions
  • Linkage Logo
  • Store
  • Sign In
  • Account
    • My Account
    • Logout
    • Global
    • India
    • MENA
SHRM
About
Book a Speaker
Join Today
Renew
Rejoin Now
Renew
  • Membership
  • Certification
    Certification

    Smiling asian student studying in library with laptop books doing online research for coursework, making notes for essay homework assignment, online education e-learning concept
    Get Certified!

    Be recognized as an HR leader with your SHRM-CP or SHRM-SCP credential.

    • How to Get Certified

      Demonstrate your ability to apply HR principles to real-life situations. No other HR certification compares.

      • How to Get Certified
      • Eligibility Criteria
      • Exam Details and Fees
      • SHRM-CP
      • SHRM-SCP
      • Which Certification is Best for Me
      • Certification FAQs
    • Prepare for the Exam

      Give yourself the best chance to pass your SHRM certification exam.

      • Exam Preparation
      • SHRM BASK
      • SHRM Learning System
      • Instructor-Led Learning
      • Self-Study
      • Study Aids & Add-ons
    • Recertification

      Recertify your SHRM Credentials before your end date!

      • Specialty Credentials
      • Qualifications
  • Topics & Tools
    Topics & Tools

    Stay up to date with workplace news and leverage our vast library of resources to streamline day-to-day HR tasks.

    The white house in washington, dc.
    Executive Order Impact Zone

    Do not abandon, but evaluate and evolve. It is about legal, equal opportunity for all.

    • News & Trends

      Follow breaking news and emerging workplace trends.

      Legal & Compliance

      Stay informed on workplace legal updates and their impacts.

      From the Workplace

      Explore diverse perspectives from your peers on today's workplaces.

      Flagships

      Get curated collections of podcasts, videos, articles, and more produced by SHRM.

    • HR Topics
      • AI in the Workplace
      • Civility at Work
      • Compensation & Benefits
      • Inclusion & Diversity
      • Talent Acquisition
      • Workplace Technology
      • Workplace Violence Prevention
      SEE ALL
      SHRM Research
    • Tools & Samples

      Access member resources and tools to streamline HR tasks.

      • Forms & Checklists
      • How-To Guides
      • Interactive Tools
      • Job Descriptions
      • Policies
      • Toolkits
      SEE ALL
      Ask an Advisor
  • Events & Education
    Events & Education

    SHRM25 in San Diego, June 29 - July 2, 2025
    Join us for SHRM25 in San Diego

    Register for the World’s Largest HR Conference being held on June 29 - July 2, 2025

    • Events
      • SHRM25
      • The AI+HI Project 2025
      • INCLUSION 2025
      • Talent 2026
      • Linkage Institute 2025
      SEE ALL
      Webinars
    • Educational Programs

      Designed and delivered by HR experts to empower you with the knowledge and tools you need to drive lasting change in the workplace.

      Specialty Credentials

      Demonstrate targeted competence and enhance credibility among peers and employers.

      Qualifications

      Gain a deeper understanding and develop critical skills.

    • Team Training & Development

      Customized training programs unique to your organization’s needs.

  • Business Solutions
  • Advocacy
    Advocacy

    Make your voice heard on public policy issues impacting the workplace.

    Advocacy
    SHRM's President & CEO testifies to Congress on "The State of American Education"
    • Policy Areas
      • Workforce Development
      • Workplace Inclusion
      • Workplace Flexibility & Leave
      • Workplace Governance
      • Workplace Health Care
      • Workplace Immigration
      State Affairs

      SHRM advances policy solutions in state legislatures nationwide.

      Global Policy

      SHRM is the go-to for global HR leaders and businesses on workplace matters.

    • Advocacy Team (A-Team)

      SHRM’s A-Team is a key member benefit, giving you the tools, insights, and opportunities to shape workplace policy and drive real impact.

      Take Action

      Urge lawmakers to support policies that create lasting, positive change.

      Advocacy & Legislative Resources

      Access SHRM’s curated policy materials and content.

    • SHRM-Led Coalitions
      • Generation Cares
      • The Section 127 Coalition
      • Learn More & Partner with SHRM Government Affairs
  • Community
    Community

    Woman raising hand in group
    Find a SHRM Chapter

    Easily find a local professional or student chapter in your area.

    • Chapters

      Find local connections from over 607 chapters and state councils and create your personalized HR network.

      SHRM Connect

      Post polls, get crowdsourced answers to your questions and network with other HR professionals online.

      SHRM Northern California

      Join SHRM members in the greater San Francisco Bay area for local events and networking.

    • Membership Councils

      Learn about SHRM's five regional councils and the Membership Advisory Council (MAC).

      • Membership Advisory Council
      • Regional Councils
    • Volunteers

      Learn about volunteer opportunities with SHRM.

      • Volunteer Leader Resource Center
Close
  • Membership
  • Certification
    back
    Certification
    Smiling asian student studying in library with laptop books doing online research for coursework, making notes for essay homework assignment, online education e-learning concept
    Get Certified!

    Be recognized as an HR leader with your SHRM-CP or SHRM-SCP credential.

    • How to Get Certified

      Demonstrate your ability to apply HR principles to real-life situations. No other HR certification compares.

      • How to Get Certified
      • Eligibility Criteria
      • Exam Details and Fees
      • SHRM-CP
      • SHRM-SCP
      • Which Certification is Best for Me
      • Certification FAQs
    • Prepare for the Exam

      Give yourself the best chance to pass your SHRM certification exam.

      • Exam Preparation
      • SHRM BASK
      • SHRM Learning System
      • Instructor-Led Learning
      • Self-Study
      • Study Aids & Add-ons
    • Recertification

      Recertify your SHRM Credentials before your end date!

      • Specialty Credentials
      • Qualifications
  • Topics & Tools
    back
    Topics & Tools

    Stay up to date with workplace news and leverage our vast library of resources to streamline day-to-day HR tasks.

    The white house in washington, dc.
    Executive Order Impact Zone

    Do not abandon, but evaluate and evolve. It is about legal, equal opportunity for all.

    • News & Trends

      Follow breaking news and emerging workplace trends.

      Legal & Compliance

      Stay informed on workplace legal updates and their impacts.

      From the Workplace

      Explore diverse perspectives from your peers on today's workplaces.

      Flagships

      Get curated collections of podcasts, videos, articles, and more produced by SHRM.

    • HR Topics
      • AI in the Workplace
      • Civility at Work
      • Compensation & Benefits
      • Inclusion & Diversity
      • Talent Acquisition
      • Workplace Technology
      • Workplace Violence Prevention
      SEE ALL
      SHRM Research
    • Tools & Samples

      Access member resources and tools to streamline HR tasks.

      • Forms & Checklists
      • How-To Guides
      • Interactive Tools
      • Job Descriptions
      • Policies
      • Toolkits
      SEE ALL
      Ask an Advisor
  • Events & Education
    back
    Events & Education
    SHRM25 in San Diego, June 29 - July 2, 2025
    Join us for SHRM25 in San Diego

    Register for the World’s Largest HR Conference being held on June 29 - July 2, 2025

    • Events
      • SHRM25
      • The AI+HI Project 2025
      • INCLUSION 2025
      • Talent 2026
      • Linkage Institute 2025
      SEE ALL
      Webinars
    • Educational Programs

      Designed and delivered by HR experts to empower you with the knowledge and tools you need to drive lasting change in the workplace.

      Specialty Credentials

      Demonstrate targeted competence and enhance credibility among peers and employers.

      Qualifications

      Gain a deeper understanding and develop critical skills.

    • Team Training & Development

      Customized training programs unique to your organization’s needs.

  • Business Solutions
  • Advocacy
    back
    Advocacy

    Make your voice heard on public policy issues impacting the workplace.

    Advocacy
    SHRM's President & CEO testifies to Congress on "The State of American Education"
    • Policy Areas
      • Workforce Development
      • Workplace Inclusion
      • Workplace Flexibility & Leave
      • Workplace Governance
      • Workplace Health Care
      • Workplace Immigration
      State Affairs

      SHRM advances policy solutions in state legislatures nationwide.

      Global Policy

      SHRM is the go-to for global HR leaders and businesses on workplace matters.

    • Advocacy Team (A-Team)

      SHRM’s A-Team is a key member benefit, giving you the tools, insights, and opportunities to shape workplace policy and drive real impact.

      Take Action

      Urge lawmakers to support policies that create lasting, positive change.

      Advocacy & Legislative Resources

      Access SHRM’s curated policy materials and content.

    • SHRM-Led Coalitions
      • Generation Cares
      • The Section 127 Coalition
      • Learn More & Partner with SHRM Government Affairs
  • Community
    back
    Community
    Woman raising hand in group
    Find a SHRM Chapter

    Easily find a local professional or student chapter in your area.

    • Chapters

      Find local connections from over 607 chapters and state councils and create your personalized HR network.

      SHRM Connect

      Post polls, get crowdsourced answers to your questions and network with other HR professionals online.

      SHRM Northern California

      Join SHRM members in the greater San Francisco Bay area for local events and networking.

    • Membership Councils

      Learn about SHRM's five regional councils and the Membership Advisory Council (MAC).

      • Membership Advisory Council
      • Regional Councils
    • Volunteers

      Learn about volunteer opportunities with SHRM.

      • Volunteer Leader Resource Center
Join Today
Renew
Rejoin Now
Renew
  • Store
    • Global
    • India
    • MENA
  • About
  • Book a Speaker
  • Foundation
  • Executive network
  • CEO Circle
  • Enterprise Solutions
  • Linkage Logo
SHRM
Sign In
  • Account
    • My Account
    • Logout
Close

  1. Topics & Tools
  2. Workplace News & Trends
  3. HR Magazine
  4. Under Lock and Key
Share
  • Linked In
  • Facebook
  • Twitter
  • Email

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.


Error message details.

Copy button
Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.


Learn More
Feature

Under Lock and Key

June 1, 2006 | Lisa Daniel



HR Magazine, June 2006 Keep your employees and your organization secure by protecting personnel files.

Philip Deming, SPHR, is reminded every day how breaches in personnel information can damage organizations. As a former federal agent who is now president of Philip S. Deming & Associates, a security and risk consulting firm in King of Prussia, Pa., Deming makes a living helping organizations that have allowed security breaches involving employees’ personal information.​

In one recent case, a large nonprofit association in Washington, D.C., paid “more than six figures” to correct the credit of 100 of its highest-paid employees. A security breach occurred when the organization changed life insurance policies. It hand-delivered to its new broker in Baltimore paper documents containing all the necessary information—names, birth dates, addresses and Social Security numbers. A temporary worker for the insurance broker proceeded to photocopy and sell the information, Deming says. The breach wasn’t discovered until employees began receiving credit card bills for hundreds of dollars in items they hadn’t purchased, he says.

Months of painstaking investigation ensued—for both the insurance company and the organization. Worse than the financial and administrative burdens was the cost to morale, Deming says. Seven of the association’s senior employees quit as a result of the security breach.

“It’s a nightmare for morale,” says Deming, who serves on the Society for Human Resource Management’s (SHRM) Employee Health, Safety and Security Special Expertise Panel. “If an employee’s information is stolen, that employee poisons the well from there on out. They will tell everyone they know about HR’s incompetence. They will take enormous amounts of time off [to repair credit, for emotional rest and for the trial]. It takes a very long time to recover from a personnel breach.”

Luckily, you can learn from the mistakes of the life insurance company, the nonprofit organization and others. Take the advice of experts and HR professionals who take the necessary—even if inconvenient—steps to secure employees’ personal information. Be diligent, doing everything from locking your office every time you step away to limiting access to files to select individuals. You will be glad you did.

Common Problems and Common Law

The biggest risk of unauthorized access to personnel information is identity theft. Identity theft has become so common that it makes up nearly half of all complaints filed with the Federal Trade Commission (FTC), which serves as the federal clearinghouse for complaints of identity theft.

An FTC investigation in 2003, for example, found 10 million cases of identity theft, mostly through information provided by credit card companies, a commission spokesman says.

FTC officials are unable to determine how often identities are stolen through employer personnel records. Still, the workplace in general, and HR offices in particular, offer many opportunities for unauthorized use of personnel records. While such a breach may conjure up images of sophisticated computer hacking that leads to multiple cases of identity theft, Deming and others say most breaches of personnel records involve one employee obtaining information on another, usually by looking at paper files. 

“What happens more than any other is that files are left on a desk and another employee comes in and looks at them,” says Louis Obdyke, SPHR, a senior labor and employment attorney at Continental Airlines in Houston. Most often, one employee looks at another’s salary or performance appraisals or gets the home phone number of another and begins harassing or stalking them, says Obdyke, who also serves on SHRM’s Employee Health, Safety and Security Special Expertise Panel. 

Identity theft is not the only concern for employers, who face legal problems on both the state and federal levels from almost any security breach. Employers are liable under state common laws—those established by court precedent, rather than statutes—for any security breach that violates employee privacy, Obdyke says. 

And, with increasing concerns about privacy violations, Congress passed several laws in recent years that regulate how employers guard personnel information. The Americans with Disabilities Act, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act and the Patriot Act all govern the handling of employment documents, as does the Fair and Accurate Credit Transactions Act, which has a “disposal rule” that requires documents to be shredded, burned or pulverized after a certain time. 

Still, companies are required to maintain certain personnel records for at least three years after termination of employment. Under the Fair Labor Standards Act, employers must maintain basic information on all employees, such as full name, Social Security number, address, gender, occupation, pay and hours worked. For a full listing of these requirements, go to www.dol.gov/esa. Some companies may choose to keep the records longer. At Continental, employee records are kept seven years after the termination date and then are destroyed, Obdyke says. 

“It’s imperative that employers have a system for destroying files,” Obdyke stresses. “We hear horror stories of Social Security numbers and banking information being stolen. When files reach a point where they are not being used and you no longer need to keep them, they should be shredded.”

An Inside Job

With years of experience investigating and fixing personnel breaches, Deming has identified what he believes are the three biggest threats to personnel records:

  • Cleaning staff.

  • Security staff.

  • Human resource information systems (HRIS) staff.

All three tend to be invisible, and you don’t think of them, Deming says. Maybe they’re not even part of the organization.

In one case Deming worked, the CEO and chair of a large, publicly traded company had his Social Security number stolen and used to open credit cards. The breach happened when an attorney working on the renegotiation of the CEOs contract left the CEOs personnel file on the floor by the attorneys desk. A temporary cleaning service worker photocopied the information and sold it on the street for $75, Deming says.

In another case, a chemical company that prided itself on security had a breach in one of its offices when a security guard was given a sub-grand key to the HR office, a common practice that allows a security guard to open any door in case of emergency. The guard then broke the lock on a worn cabinet where personnel files were stored. He sold the personal information for $50 each, Deming says. The security guard later pleaded guilty to a reduced misdemeanor and served less than a year in jail, he says.

Two of Deming’s lessons from these cases:

  • A high-level employee should be present when cleaning crews work.

  • Only the HR director, and maybe one senior executive, should have a key to the HR office.

The problem with HRIS workers is that they have the technological know-how and often the access to get information, if they choose to, Deming says. In his work, Deming has not found HRIS staff involved in crimes like identity theft, but he says they have been caught snooping in files for salary information on other employees to leverage their pay. He recommends restricted access to curtail breaches.

Deming also suggests that one qualified person in HR or IT provide oversight for electronic data. Electronic audits looking for unusual activity or unauthorized access should be conducted regularly.

Maintaining Vigilance

Susan Kurdziolek, president of Turn Key Office Solutions in Arlington, Va., counsels her clients on how to maintain secure personnel files. Like Deming, Kurdziolek says records security is more a matter of common sense than high-dollar security that uses things such as hidden cameras, computer thumbprints and identification cards. 

“You don’t have to invest in high technology,” Kurdziolek says. “You do have to have a front door lock, and you may consider using a combination lock.” 

Most important, Kurdziolek says, all organizations need to address records management in their policies and procedures, and show that there are consequences for breaking the rules. 

“Too often, we see that companies address these issues with a wink, and that’s it,” Kurdziolek says. 

Without strict policies, many common scenarios can place records in jeopardy. Kurdziolek uses the example of an HR staffer whose boyfriend picks her up at the office at the end of the day. Without policies about where the public can be in the building, the boyfriend may come to the HR office and overhear a conversation about a personnel matter or be left alone with personnel files while the HR staffer goes to the bathroom. What may seem innocuous to an employee puts files at risk if they’re left with the wrong person. 

Kurdziolek recommends restricted access throughout a workplace, especially in the HR office. HR staff should log off their computers and lock their doors when they leave their offices, even for a quick trip down the hall. “It only takes a second for someone to lift a file,” she notes. 

Only the HR director should have a key to the HR office suite, even if it means curtailing flexible arrangements that would allow an HR employee to work when the director isn’t there. If some HR staff members are bothered by the inconvenience, she says, “How inconvenienced would they feel if someone’s identity was stolen?” 

HR should develop policies and procedures with either the No. 1 or No. 2 person in the organization and have them approved by legal staff, Kurdziolek adds. (For a list of recommendations, see “Policies and Procedures,” above.) 

The next step is to develop a program to train HR staff on security risks and the policies and procedures that address them. Employees should sign a document that says that they completed the training, Kurdziolek says, adding that the employee signature makes them accountable. 

Consequences for security breaches also should be written into policies and procedures, says Kurdziolek. For breaches such as leaving a file unattended or bringing a non-employee into a secure area, there might be an oral warning for a first offense, a written warning for a second offense, followed by probation and, eventually, firing for repeated offenses, she explains. 

“Security has to come from the top down,” says Kurdziolek. “You have to have a good HR director and good management who will take the leadership to let employees know there will be consequences” for breaking the rules. 

“There can’t be any security risk at all,” she adds. “The company is liable.”

Lisa Daniel is a freelance business writer in Burke, Va.

Web Extras

  • SHRM article: Stolen Identity (HR Magazine)
  • SHRM article: Is It Shredding Time Yet? (HR Magazine)
  • SHRM article: Closing the Security Gap (HR Magazine)
  • Web site: Federal Trade Commission

Policies and Procedures

Continental Airlines attorney Louis Obdyke and security expert Philip Deming say one of the best protections against someone lifting a paper personnel file is to have as little on paper as possible. 

Even with the possibility of HRIS employees breaking into personnel files, “electronic files are more secure,” says Deming, because you can trace who has been accessing them. “Yet a very small percentage of companies even encourage employees to fill out applications electronically.” 

If your organization isn’t ready to go paperless, Obdyke, Deming and consultant Susan Kurdziolek recommend the following policies and procedures to maintain the tightest security of personnel information:  ​

    • Appoint someone, preferably the HR director, to be in charge of personnel file security.

    • Allow only the HR director and one executive to keep a key to the HR office and files.

    • Keep file drawers locked when they’re not in use.

    • Keys and passwords should change immediately after an HR employee quits or is fired.

    • A senior employee should always be present when cleaning crews work.

    • During litigation, don’t send personnel information to anyone outside the company without a court order.

    • Assign employee numbers, rather than using Social Security numbers.

    • Change computer access codes frequently.

    • Personnel information should never be sent over e-mail or discussed in cell phone calls.

    • Computers should go into standby mode and require a password after not being touched for a certain period of time.

    • Work with IT to restrict information from being downloaded onto laptop computers.

    • All sensitive personnel discussions involving an employees data, such as pay, hiring or promotion, should occur in conference rooms behind closed doors.

    • Shred documents after you are no longer required to keep them or they are not needed.

    • Audit your files at least twice a year to determine if anyone unauthorized has accessed them.


Artificial Intelligence in the Workplace

​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.



Related Content

Kelly Dobbs Bunting speaks onstage at SHRM24
(opens in a new tab)
News
Why AI+HI Is Essential to Compliance

HR must always include human intelligence and oversight of AI in decision-making in hiring and firing, a legal expert said at SHRM24. She added that HR can ensure compliance by meeting the strictest AI standards, which will be in Colorado’s upcoming AI law.

(opens in a new tab)
News
A 4-Day Workweek? AI-Fueled Efficiencies Could Make It Happen

The proliferation of artificial intelligence in the workplace, and the ensuing expected increase in productivity and efficiency, could help usher in the four-day workweek, some experts predict.

(opens in a new tab)
News
How One Company Uses Digital Tools to Boost Employee Well-Being

Learn how Marsh McLennan successfully boosts staff well-being with digital tools, improving productivity and work satisfaction for more than 20,000 employees.

HR Daily Newsletter

Stay up to date with the latest HR news, trends, and expert advice each business day.

Success title

Success caption

Manage Subscriptions
  • About SHRM
  • Careers at SHRM
  • Press Room
  • Contact SHRM
  • Book a SHRM Executive Speaker
  • Advertise with Us
  • Partner with Us
  • Copyright & Permissions
  • Post a Job
  • Find an HR Job
Follow Us
  • LinkedIn
  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • SHRM Newsletters
  • Ask An Advisor

© 2025 SHRM. All Rights Reserved

SHRM provides content as a service to its readers and members. It does not offer legal advice, and cannot guarantee the accuracy or suitability of its content for a particular purpose. Disclaimer


  1. Privacy Policy

  2. Terms of Use

  3. Accessibility

Join SHRM for Exclusive Access to Member Content

SHRM Members enjoy unlimited access to articles and exclusive member resources.

Already a member?
Free Article
Limit Reached

Get unlimited access to articles and member-exclusive resources.

You've reached the limit of 1 free article this month. Join to access unlimited articles and member-only resources.

Already a member?
Free Article
Exclusive Executive-Level Content

This content is for the SHRM Executive Network and Executive Content Subscription members only.

You've reached the limit of 1 free article this month. Join the Executive Network and enjoy unlimited content.

Already a member?
Free Article
Exclusive Executive-Level Content

This content is for the SHRM Executive Network and Executive Content Subscription members only.

You've reached the limit of 1 free article this month. Join and enjoy unlimited access to SHRM Executive Network Content.

Already a member?
Unlock Your Career with SHRM Membership

Please enjoy this free resource! Join SHRM for unlimited access to exclusive articles and tools.

Already a member?

Your membership is almost expired! Renew today for unlimited access to member content.

Renew now

Your membership has expired. Renew today for unlimited access to member content.

Renew Now

Your Executive Network membership is nearing its expiration. Renew now to maintain access.

Renew Now

Your membership has expired. Renew your Executive Network benefits today.

Renew Now