Employers who need to secure their email addresses for new hires and job postings need to be more aware of the risks, according to the National Employment Security Commission.
The agency is investigating the possibility of data breaches involving hundreds of thousands of email accounts, including some with names that could be sensitive.
The SEC has been looking into the issue since last year, when an unnamed employee at a large law firm received an email with his name, address and job title from a company that was using his information to contact him.
He alerted the firm and they began to investigate, eventually discovering that his information was used to contact the firm’s former IT director and a man who had worked for the firm in the past.
He says he was fired after he brought the email to the attention of his former employer.
The former IT head did not respond to a request for comment.
Companies can use the Social Security Number, Social Security number or employer ID to identify individuals with security concerns, but employers are required to keep the personal information safe.
Employees have to keep it secure, but the agency recommends not allowing the information to be sent or accessed by unauthorized parties.
“We are concerned about how the government may use your personal information to obtain information about you, including whether you have access to your personal details or whether they can obtain them from other sources,” the SEC said in a notice last month.
For new hires, the agency recommended that employers ensure they use secure email addresses that are not known to have been compromised.
“As you may know, the Department of Homeland Security has recently expanded its authority to request records and information about foreign nationals,” the agency said in the notice.
“The DHS’s ability to request information from employers is in response to a variety of national security threats, including terrorist attacks, cyber-attacks and cyber-enabled threats.”
Employers can also make a decision to encrypt their email accounts by default.
But the agency warned that encryption could “cause significant disruptions in the ability of companies to communicate securely with employees and other third parties.”