Non-Photo Related Legal Question

Joined
Feb 22, 2005
Messages
4,356
Location
CT USA
I've just opened an e-mail from the finance dept at work requesting that I update all my personal information, including SSN. They have a web site address that we are supposed to go to do it. It is not secure, I there is no secure site icon anywhere. I replied to the sender that the site was not secure and was told to fill out the info on paper (I know they will just enter it themselves).
Knowing this, I have a really queasy feeling right now.
Does anyone here know what rights I have, if any, regarding me protecting my SSN??
 
Joined
Feb 6, 2005
Messages
3,497
Location
South SF Bay Area, CA.
IANAL, but I think that your employer must know (and update) your SSN, if for no other reason because it is also your Tax ID.

Can you verify that the email address really belongs to your company (and its finance department): perhaps you have a company-wide directory listing of all valid emails and you can cross-reference it against it?

Also, the web site address they gave you to update your information may not be encrypted (although it's odd for it not to be), but if it is located inside your company's intranet (i.e. there is no top-level domain at the end of the first term, such as .com, .net, etc...), it doesn't matter, as the information won't leave your company network, even if it spreads multiple locations. Communication between multiple location is probably already encrypted, otherwise your IT and finance department are... well let not say it here! :wink:
 
Joined
Mar 31, 2005
Messages
14,469
Location
Toronto Canada
In some instances, SSN are required. Employers and banks (if paying interest on funds) are the first two which come to mind. Here, if someone wants the deposit on their home purchase to be put into an interest bearing certificate, they have to provide their SSN. No number, no interest.
Tenants can also refuse to give their SSN on an application but they do have to provide a valid up to date credit check if requested/required.

I wouldn't send any information, esp SSN, over the internet. No need, and too much to lose. Identity theft is rampant.
 
Joined
Jan 24, 2006
Messages
1,239
Location
Utica, NY, USA
I would follow Raul's suggestion. Call your HR Department and tell them that you are concerned about the Finance Dept. asking employees submitting info over insecure internet means. They probably should reign in the finance dept. if they are indeed behind this request. The company you work for has had your SSN already for a long time, so to me it looks like Phishing. Let's know how it works out.
 
Joined
Feb 22, 2005
Messages
4,356
Location
CT USA
Thanks all, I have verified it is from work, but it concerns me that this site is available outside of the work computer system, thus, in my thinking, it should be encrypted. It is possible that it is, I'll have to check when I get home. I don't have an issue with giving work my SSN, (even though they already have the info, how many times does someone get a new or different SSN????) I just have a problem with them putting it on what appears to be a non-secure site. I also have little faith in our IT department, who supposedly set this all up, as they can't even seem to fix the day to day problems. The stuff that they told me couldn't be fixed was fixed by a temp summer help kid in 45 seconds.
And yes, I think it is an internet site, www.********.org/*****
 
Joined
Jan 6, 2007
Messages
739
Location
St. Louis
...but if it is located inside your company's intranet (i.e. there is no top-level domain at the end of the first term, such as .com, .net, etc...), ...
FYI: intranet site also have top-level domains all the time. In fact, I don't think I've ever worked on a company intranet that didn't have a top-level domain. Actually, an intranet differs only in the fact that it is behind a firewall and inaccessible from the public internet, except via a VPN or a direct connection to the company network.
 
Joined
Feb 22, 2005
Messages
4,356
Location
CT USA
This is definately internet, I just accessed it from home without any security icons. It's sad.....
 
Joined
Feb 6, 2005
Messages
3,497
Location
South SF Bay Area, CA.
FYI: intranet site also have top-level domains all the time. In fact, I don't think I've ever worked on a company intranet that didn't have a top-level domain. Actually, an intranet differs only in the fact that it is behind a firewall and inaccessible from the public internet, except via a VPN or a direct connection to the company network.
It depends. Some companies set up their DHCP servers to provide an automatic top-level domain which gets appended automatically, and also code their intranet site so it does not use the top-level domain. It makes it easier to visually distinguish in a URL what is private from what is public. Otherwise, you are of course correct: the main difference between an intranet and internet site is that the former is not publicly accessible...
 
Joined
Jan 13, 2006
Messages
4,167
Location
Columbia, Maryland
Real Name
Walter Rowe
Does the URL begin with "http" or "https" ("s" added on second one)? If it is https, then it is a secure site. Our company contracts out lots of things - online employee surveys, benefits management, etc. All of them are secure connections (https). Depending on the size of your company, they may just be outsourcing some in-house processes.
 
A

adrianaitken

Guest
Strange - why isn't the email from your HR dept ? Surely they pay your salary,call your next of kin if there is an accident at work etc. and would need your personal details ?
 
Joined
Dec 29, 2005
Messages
2,434
Location
Bournemouth, UK
it's possible the page which contains the form is http (not ssl) but that the data when you hit 'send' (or whatever) does go over https,. though not commonly done I have seen it occasionally

Sil
 
Joined
Feb 22, 2005
Messages
4,356
Location
CT USA
it's possible the page which contains the form is http (not ssl) but that the data when you hit 'send' (or whatever) does go over https,. though not commonly done I have seen it occasionally

Sil
Well, it appears that isn't the case here, either. I watched as one employee hit the send button and saw no indication of security, neither the https or the encryption icon. I've e-mailed the IT guy for his explaination, doubt I'll get more than double talk.
 

Latest posts

Links on this page may be to our affiliates. Sales through affiliate links may benefit this site.
Nikon Cafe is a fan site and not associated with Nikon Corporation.
Forum post reactions by Twemoji: https://github.com/twitter/twemoji
Copyright © 2005-2019 Amin Forums, LLC
Top Bottom