Employers are increasingly being contacted by individuals, their insurance and payroll providers, the IRS and/or police about employees who are possibly involved in identity theft. If an employee steals a name and matching social security number and has a fraudulent identity document and social security card, this can be very difficult to detect. A strong I-9 compliance process can assist in making sure an employer has done what it can to try to avoid this issue. A number of steps that employers may wish to consider implementing:
I. Compliance can begin during the interview – Ask applicants:
Do you have authorization to work in the U.S.?
II. Let candidates know in the offer letter/application that they will need to complete the Form I-9 as a condition of employment
Language for offer letter: Your employment is conditional upon your successful completion of the Form I-9 verifying both your identity and authorization to work in the U.S.
III. Have an experienced/trained person be responsible for completing the I-9 forms with the employee
IV. Question the validity of documents which seem suspicious
Permanent resident Cards should no longer indicate “INS” or “Immigration Naturalization Services” anywhere on them. Cards should only have forward facing photos and not three quarter view photos. They are called Permanent Resident Cards now and not Resident Alien Cards. If you notice any of these issues, it is a red flag to question the Card.
Driver’s licenses can be difficult to verify as each state has its own document and they can be changed/updated frequently. If you have reason to suspect a license may be fraudulent, it is acceptable to look for a sample license at the state’s website for assistance. Some states/sites have helpful information online, including:
V. Keep copies of documents, but do not make and keep copies of documents you don’t need
If you have a List A document, you should only have a copy of the List A document and not extra documents from List B and/or C. If you don’t have a List A document, then, you would need copies of both the List B and List C documents.
VI. Review the I-9 to verify that it is completed correctly and perform self-audits
VII. Consider proper transmission and storage of the I-9
As sensitive personal information is contained on the Form I-9, careful employers will be cautious about where the I-9 is stored and where it might be duplicated. Faxing or emailing Forms I-9 (unless the email is encrypted) can create risks of inadvertent disclosure. Be cautious about an unsecure digital copy that could be created in a scanner or on someone’s email account. Paper I-9 forms will be more secure if stored in a secure space under lock and key.
This post is also being shared on our Data Privacy +Security Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.