• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL



When Personnel Gets Personal

The Annoyance:

My personnel file is a Pandora's Box of personal information about me—background checks, drug tests, and psychological profiles—that I'd rather not share with the world. How do I know my employer isn't sharing this information with the world—or that it will stay private after I leave the company?

The Fix:

You don't. In fact, there are no legal limits on what a private firm can do with the information in your file, says HR Privacy Solutions' Don Harris. In most cases you don't have a legal right to see your file, let alone dispute inaccuracies inside it.

"For the most part, employers can pretty much do what they want with employees' information, says Harris. "For example, it's perfectly legal for an employer to sell its entire database of employees to a commercial party that wants to market products and services to them. I don't know of any employer who would do such a thing, but there's no law against it."

Harris adds that common sense and a desire to not alienate employees keeps most companies in check. If your employer doesn't already have a written privacy policy, ask it to create one that spells out what the company does with your personnel records while you're employed and after you leave the company. The policy should also detail how your employer protects the security of its files—not only from unethical bosses, but also against hackers, internal spies, or simple carelessness. (See "Beware Employee ID Theft.") If your company doesn't have a security plan, your questions may spur it to create one.

You should also check your personnel file every six months or so, to make sure there's nothing inaccurate in there, advises Tena Fiery of the PRC. Public sector employees are allowed access to their files by law; approximately 20 states have rules allowing private employees to see all or part of their HR files. In California, for example, employees have the right to see any documents in their files they've signed, but some states aren't even that generous. As far as I can determine there is no central clearinghouse for state laws on the topic, so you'll need to check with the appropriate hide-bound bureaucracy in your area.


Verifying employment and salary histories is both painstaking and mind numbing, which is why many companies hire automated services like The Work Number (http://www.theworknumber.com) to do the job for them. The Work Number claims to house some 80 million records that can be accessed by potential employers, mortgage brokers, property managers, and others to verify employment or eligibility for public assistance programs. But according to a July 2004 report by The Privacy Rights Clearinghouse, some of those records are wrong—they misreport job titles or indicate employees have been fired when in fact they left under their own steam.

Tom Werner, general counsel for TALX, The Work Number's parent corporation, says the site gets all of its information directly from employers, and that mistakes are rare. Employees who want to check the accuracy of their records can search the site's directory for their employer's name, then log in using their Social Security Number and PIN, or call 800-367-5690. To dispute information in your record, you can call 800-996-7566 and The Work Number will try to resolve the differences with your former employer. However, Werner adds, "The final decision on the accuracy of the data contained on a verification of employment or income resides with the employers, since they maintain the primary source of employment information."

If you've got a beef with the information contained on The Work Number, the PRC would also like to hear about it; contact them at http://www.privacyrights.org/inquiryform.html.

Avoid Bad PR from HR

The Annoyance:

I just left a job under trying circumstances. Can negative reports in my HR file follow me around to my next job?

The Fix:

Yes, they could. However, employers tend to be fairly gun-shy about sharing too much information because they can be sued if a negative report causes someone to lose out on a job, says HR Privacy Solutions' Don Harris.

"A lot of employers have gotten burned in court, so they tend to give just name, rank and serial number—essentially dates of employment—and not give away sensitive information," says Harris. "If the employer shares negative information about you, you can sue them under a privacy tort such as libel or defamation. But the burden of proof is on you, as well as the expense and the bad publicity."

Harris says this is what leads many executives to resign instead of being fired. The advice here: If you fear a negative recommendation, strike a deal with your (soon-to-be-ex) boss. Agree to go quietly, as long as your employer agrees to not say bad things about you after you're gone.


Australia is famous for doing everything on a large scale (e.g., beer, waves, crocodiles), so it shouldn't come as a surprise that they're also big on workplace privacy. In early 2004, the government of New South Wales passed a law that would ban most forms of employer snooping. According to a report in The Register (http://www.theregister.co.uk/2004/03/31/nsw_bans_workplace_cybersnooping), the Exposure Bill would forbid employers to spy on employees without having a reasonable suspicion of wrongdoing. The rules cover video surveillance, email snooping, and other forms of tracking. Companies that demonstrate a need to conduct surveillance will also have to inform employees ahead of time. Good onya, mate!

Beware Employee ID Theft

The Annoyance:

The admin who works in HR hates my guts. How do I know she's not sabotaging my employment records?

The Fix:

You don't. She very well may be doing nasty things to your records, including stealing your identity.

Professor Judith Collins of Michigan State's Identity Theft Crime Lab investigated more than 1000 cases of ID theft, and found that up to 70 percent could be traced to employees or people posing as employees. A 2002 study by credit reporting giant TransUnion cited stolen employee records as the number one source of identity crimes.

Whether you'll find out if your personal information has been compromised depends on where you live. As of 2002, California law requires companies doing business in California to notify employees when the security of their personal information has been breached. So if you live or work in the Golden State, your boss must tell you when its HR records have been exposed or pilfered—assuming it knows about the deed and that telling you won't impede a criminal investigation. (For more information on California's privacy protections, see http://www.privacy.ca.gov/).

This is another situation where you may have to nag your employer to follow smart security precautions to protect your personal data. HR Privacy's Don Harris suggests every business take a few simple steps:

  • Only allow authorized personnel to access HR records.

  • Password-protect and encrypt sensitive computer files.

  • Require hefty background checks for those with access to such records.

  • Discourage the use of temporary employees in HR.

  • Avoid using Social Security numbers on ID badges, timesheets, payment stubs, or any other document that circulates in public.

  • Shred sensitive materials once they're no longer needed.

On a personal level, your best defense is to keep a close eye on your credit reports, so you can suss out if your ID has been swiped. (For more on how to do this, see Chapter 2, "Check Your Reports.")


According to a June 2004 report in Computerworld magazine, officials working in Northern California's Contra Costa County inadvertently sent hundreds of highly sensitive emails to an Internet company in Sweden over a period of two years. The messages, which contained employee payroll and benefits information, were apparently sent to the Swedish firm by accident because of errors in county officials' email address books. The firm's owner attempted to contact the county for two years before giving up and turning to Computerworld, which successfully intervened and turned off the spigot of unwanted email. Legal experts speculate this case may become the first test of California's 2003 identity theft law (SB1386), which requires companies to notify individuals when their personal information has been compromised. So far, no county employees have reported purchases of Volvos or fermented Baltic herring on their credit card statements.

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint