The recent (and seemingly ongoing) data breach at Equifax has a lot of people worried, and for good reason.
In a crisis situation, the assumption is that people can rely on family, friends, and their local communities for support. But what if their coworkers are the majority of their friend network, and the organization they work for is the closest community they know? While it’s true that HR isn’t obligated to provide more support than what the law requires, there’s still a question as to what we should do as friends and community leaders.
At BambooHR, we believe it’s in our best interest to care for employees not just here, but in their lives outside of work as well. We think it’s the right thing to do, and we believe in doing the right thing. We also know that by providing support, we create more trust, more engagement, and improved wellbeing throughout the organization—all of which help boost performance. It’s a win-win for our heads as well as our hearts.
With that in mind, we put together a short list of suggestions for HR professionals who want to help employees understand and protect themselves after this ominous incident.
HOLD ON, I DON’T WATCH THE NEWS. WHAT’S EQUIFAX?
Equifax is one of the three major U.S. credit bureaus (Experian and TransUnion are the other two) that banks, lending institutions, employers, and other authorities rely on to provide consumer credit scores. To provide your rating, credit bureaus compile all of your personal and financial information and generate a score from 300 to 850, based on things like your income, your outstanding debt, your credit limit, how many accounts you have open, and whether or not you have any collections, past bankruptcies, or missed payments. If you’ve ever purchased a home, bought or leased a car, or rented an apartment, your credit rating has affected your ability to do so, and in the case of a loan, your score has affected the interest rate you’ve been offered. Some employers even use a credit check to determine whether or not they will hire applicants (although in general, credit score is not a legal reason to deny employment). Suffice it to say, this is pretty important stuff, and these institutions are heavy influencers in the lives of every American citizen.
SO, WHAT HAPPENED AT EQUIFAX?
Well, according to the Federal Trade Commission website,
“The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.”
143 million Americans, give or take, had their personal information exposed. That’s nearly half the consumer base of the country, and by extension nearly half of the employees in every American business.
BIG DEAL. WHY IS THAT A PROBLEM?
It’s a huge problem—like getting your wallet stolen, only a thousand times worse. Using your information, identity thieves can open accounts, apply for credit cards, and make huge purchases in your name, leaving you deep in debt. But that’s not all. They can change your personal information, get medical treatment, file false tax returns to steal your refund, or even wipe out your life’s savings and liquify your investments while posing as you. The immediate impact can be devastating, but on top of that, recovering your identity can take years—years during which you may not be able to apply for a loan, rent a home, or travel outside the country. It’s nothing short of a living nightmare, and some people never recover.
OMG. WHAT CAN I DO?
Get Approval to Act
First, you should explain the situation to your boss, manager, or executive team and tell them why you want to help. Let them know you understand HR has no official responsibility to protect employees’ financial interests, but that you’d like to offer support anyway. If necessary, explain how employees might be affected and how that could impact your organization.
Create an Action Plan
Having an action plan is important. This could mean scheduling a company meeting with a financial advisor, creating a handout with a step-by-step list of recommendations, or just sending an email with some links and an invitation to come talk if there are any questions. Ideally, you’d be able to make this an opt-out rather than an opt-in process, but there are limits to how intrusive HR can and should be. Making sure your people know that you’re open and willing to help is the most important thing you can do.
Assuming you have permission, you can begin by raising awareness. While most people will likely have heard something about the issue, and many people do understand the seriousness of the situation, a significant percentage of your organization may have no clue about what happened, what they can do about it, or even why they should bother. If people under the age of 35 make up a big portion of your organization, the likelihood is higher they’re unaware or only marginally concerned, while the consequences are even more dire.
Here are some links to articles that explain the breach, the possible consequences, and the follow-up steps consumers should take in easy-to-understand terms:
At the very least, you should encourage your employees to follow these steps:
- They should check here to see if their information was exposed (click on the Potential Impact tab)
- They can also check their credit report to see if anything is amiss (it’s free, and doesn’t harm your score)
- They can place a credit freeze or fraud alert on their files at all three bureaus:
- Finally, they should consider enrolling in a credit monitoring program via Equifax (free for one year due to the breach), their personal bank, or a third-party firm
Your Company Can Help, Too
In addition, you should offer whatever resources your company has to assist employees in crisis. Some employers offer free financial advice through an investment firm or 401k management company. Most medium and large companies include an EAP, or Employee Assistance Program, as one of their standard benefits. If your company offers an EAP, give your representative a call to ask them what kind of assistance they can provide or what programs they will recommend to employees.
Brace for Impact
Any employees who have had their information exposed have been at risk for some months, and it’s possible that one or more has had their identity stolen during that time. Like we mentioned above, it can take months, years, or even decades to repair the damage, and doing so can deeply impact an employee’s time and emotional state. They may need to take time off from work or seek assistance in the form of financial or even psychiatric counseling. And while you don’t need to broadcast it companywide, you should be prepared for this possibility.
GOOD JOB, HR CHAMPION.
Concern for people is almost innate to Human Resources professionals, and if it isn’t already part of your personality, chances are it’ll come with the job. That concern can leave you feeling helpless, frustrated, and overwhelmed. But while worrying isn’t productive on its own, it often opens up opportunities—like this one—to help people.
Take those opportunities. Help your people to the best of your ability, whether or not it’s within your official responsibilities. You won’t be able to fix everything—that’s guaranteed. But by doing what you can, you’ll not only help strengthen the bond between your people and your organization, you’ll replace frustration with fulfillment and a sense of purpose. And they will tell your tale in song for generations to come.