#34155 - 09/24/02 01:41 PM
Privacy!! Maybe
Platinum Poster
Joined: Aug 2001
Posts: 705
Southern Illinois, USA
This is rather unusual. I need some help understanding the implication of this matter. Our employee transaction account is restricted to keep salaries confidential. We have an employee who is pulling up the employee CIF to obtain social security numbers and then calling our 800 number on payday to see the amount of deposit to the employee's account. I know this is a privacy violation, but I don't know what to quote when I bring it to management's attention. I think they are already aware of the situation but have done nothing to correct it. Would someone comment on this and advise how I can go about getting this resolved? I would appreciate your help.
#34156 - 09/24/02 01:53 PM
Re: Privacy!! Maybe
Anonymous
Unregistered
Check your employee handbook also to see if something like this would be in there. I know discussing salaries has been strictly taboo from my previous employers and current employer.
#34157 - 09/24/02 02:04 PM
Re: Privacy!! Maybe
10K Club
Joined: Oct 2000
Posts: 27,754
On the Net
It should be in violation of Privacy laws related to your Ethics/Code of Conduct and computer use policy.
From FRB-SR 97-28, you may also have a SAR reportable offense. Guidance Concerning the Reporting of Computer-Related Crimes by Financial Institutions 18 U.S.C. §1030. Section 1030(a)(2) specifically prohibits intentionally accessing a protected computer to obtain certain kinds of information without authority or in excess of authority. Not only does it generally prohibit improperly obtaining information from any “protected” computer, but it specifically prohibits improperly obtaining information contained in a “financial record” of a financial institution.
Another provision applicable to financial institutions is the prohibition on using a “protected” computer without authorization or in excess of authorization to commit fraud. The provisions of 18 U.S.C. §1030(a)(4) criminalize the knowing use of a protected computer without authorization or in excess of authorization with intent to defraud, and by means of such conduct furthering the intended fraud and obtaining anything of value.
If this is happening with employee accounts, what may be happening with customer accounts?
This could be a jealous, nosy employee, but it is serious and will lead to nothing good. It should be stopped.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
#34159 - 09/24/02 04:03 PM
Re: Privacy!! Maybe
Platinum Poster
Joined: Mar 2001
Posts: 591
the beautiful state of ME
What does your bank confidentiality policy say? Our policy says that you only need information to complete a transaction, if you don't need it for business purposes you don't need to go there. If you are looking at dismissal for this employee, I would check with your attorney to make sure you have all your documentation in order.
Opinions are mine and mine alone.
_________________________
The paradox of planning is nothing happens....
#34161 - 09/24/02 05:57 PM
Re: Privacy!! Maybe
10K Club
Joined: Jul 2001
Posts: 83,396
Galveston, TX
I agree with Bonnie. This is a form of identity theft/fraud and the suspect should be suspended pending an investigation and terminated if you can prove your case. In other words - set a good hard/fast example here.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
#34162 - 09/24/02 06:06 PM
Re: Privacy!! Maybe
10K Club
Joined: Aug 2002
Posts: 47,533
Bloomington, IN
I am gathering from the previous posts that this employee has no legitimate business reason to be doing what he/she is doing.
I agree with Bonnie that this is identity fraud, however I don't think I'd look at the circumstances, I recommend immediate dismissal and would also turn over the information to local officials for possible criminal charges (I'd also inform the employee that the bank was doing this).
This employee has enough information on your other employees, and in all probability your customers, to cause a lot of "identity theft" problems. I definitely would take steps to show due diligence on the bank's part to put an end to the current situation and to prevent future violations.
In this situation this employee is willfully "stealing" information. I for one would not give him/her the benefit of the doubt.
_________________________
The opinions expressed are mine and they are not to be taken as legal advice.
#34163 - 09/24/02 06:09 PM
Re: Privacy!! Maybe
Power Poster
Joined: Oct 2000
Posts: 5,991
Soaring over Georgia
This does point out some possible security issues in your telephone banking system, though. If all someone needs to get into the system is the SSN, that is fairly easily obtained even without the ability to pull up CIF records. Someone outside of your bank could also be perpetrating all kinds of fraud using your telephone banking system to support their efforts. You might want to consider some additional password controls.
_________________________
Jim Bedsole, CRCM, CBA, CFSA, CAFP My posts - my opinions
#34164 - 09/24/02 06:20 PM
Re: Privacy!! Maybe
Platinum Poster
Joined: Aug 2001
Posts: 705
Southern Illinois, USA
This employee has no legitimate business reason to do this. She wants to know what the other employees are making compared to her. I have notified management, but this may be difficult to prove. The employees who informed me of this have since decided they do not want to be involved. So, if I can't prove she is doing this, what are my other alternatives?
#34166 - 09/24/02 06:55 PM
Re: Privacy!! Maybe
10K Club
Joined: Aug 2002
Posts: 47,533
Bloomington, IN
Bonnie and I are basically saying the same thing, she just said it better than I did and beat me to the post.
First, I’d follow the suggestions of beefing up your security on the telephone banking inquiries. Second, I’d check with your IT personnel to see if they maintain logs of PC activity by user to see if you have something there. Also, does your telephone banking keep logs of date and access times that you may use in building your case? If not, then I would approach personnel and try to call this employee into a “conference” and inform her that it has been rumored that she has been obtaining salary information of other employees by falsifying information and, that if this is true (give her the impression you are giving her the benefit of the doubt), the seriousness of the situation and the possible ramifications if the rumors prove to be true.
_________________________
The opinions expressed are mine and they are not to be taken as legal advice.
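
The log check suggested in the last post, sketched as an added example that is not part of the thread or any poster's own code: it matches CIF record views by staff user against later telephone banking inquiries on the same record. The log layouts, user IDs, record IDs and the 48-hour window are constructed assumptions, and it assumes the telephone banking log records which CIF record each call queried.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field layouts are assumptions, not any vendor's format.
CIF_AUDIT = """\
2002-09-19T08:02:11,teller07,CIF-1001
2002-09-19T08:03:40,teller07,CIF-1002
2002-09-19T08:05:02,teller07,CIF-1003
2002-09-19T09:15:00,teller03,CIF-1002
2002-09-20T10:30:00,teller03,CIF-2001
"""
IVR_LOG = """\
2002-09-20T08:31:05,CIF-1001,balance_inquiry
2002-09-20T08:32:47,CIF-1002,balance_inquiry
2002-09-20T08:34:10,CIF-1003,balance_inquiry
2002-09-20T12:00:00,CIF-2001,balance_inquiry
"""
EMPLOYEE_RECORDS = {"CIF-1001", "CIF-1002", "CIF-1003"}  # staff-owned accounts


def parse(text):
    """Yield (timestamp, field2, field3) from three-column CSV lines."""
    for line in text.strip().splitlines():
        ts, a, b = line.split(",")
        yield datetime.fromisoformat(ts), a, b


def correlate(cif_text, ivr_text, employee_records,
              window=timedelta(hours=48), min_hits=2):
    """Return {user: sorted records} where a CIF view of an employee record was
    followed within `window` by a phone inquiry on that same record."""
    views = defaultdict(list)                # record -> [(time, user)]
    for ts, user, record in parse(cif_text):
        if record in employee_records:
            views[record].append((ts, user))
    hits = defaultdict(set)                  # user -> records matched
    for ivr_ts, record, _action in parse(ivr_text):
        for view_ts, user in views.get(record, []):
            if timedelta(0) <= ivr_ts - view_ts <= window:
                hits[user].add(record)
    # A single match can be coincidence; require a pattern across records.
    return {u: sorted(r) for u, r in hits.items() if len(r) >= min_hits}


if __name__ == "__main__":
    for user, records in correlate(CIF_AUDIT, IVR_LOG, EMPLOYEE_RECORDS).items():
        print(f"{user}: viewed then phone-queried {records}")
```

A match only shows that a lookup preceded a call; the result is a starting point for review against each user's legitimate work on those records, not proof by itself.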