Avoid Problems - Protect Client Identity
Image via Wikipedia
In the 1980s, bad guys stole Mercedes Benz hood ornaments. Today’s enterprising criminals steal identities. Identities are stolen from homes, from trash cans, from purses and from glances over shoulders.
And, unfortunately, often from businesses. There are many ways individuals protect themselves from identity theft Unfortunately, many businesses are not so conscientious. When clients and customers hand over birthdates, social security numbers, addresses and credit card numbers to businesses, they trust the business to protect their identity.
Every business must have a method to secure and protect paper and electronic information . . . from the instant the information enters the business through final disposition.
Customers expect identity protection.
Failure to implement an information security plan may cost your business: clients, revenue, and time. One breach and clients will avoid your business as if there was police tape across your front door. In most cases, if identity is stolen from your business, you are not only liable for the ensuing damages, you are also required to assist in the investigation including: finding and providing applications and business transaction records or account records.
Penalties for those who fail to protect identity vary by state. The Texas Attorney General initiated suits against businesses for failure to protect identity of customers. (One suit settled for $220,000.00 against a business that disposed of sensitive information in dumpsters). The law upon which one of the Texas suits is based mirrors an Iowa law.
Implementing a security plan involves several steps:
1) Review your document retention plan to decide what you need to have.
2) Review your electronic documents to determine what you have. Don’t start deleting until you have a plan. Have you checked online storage? flash drives? Employees' home computers?
3) Review your paper documents to determine what you have. (Stop, no shredding until you have a plan.)
4) Review specific agency requirements for your business.
5) Review specific privacy requirements for your business.
6) Determine where/how to store your electronic documents.
7) Determine where/how to dispose of electronic documents.
8) Determine where/how to store your paper documents.
9) Determine where/how to dispose of paper documents.
10) Review how you receive electronic documents. Is your website secure?
11) Review how you receive paper documents. Most identity thefts take place before the information is recorded.
12) Write down your plan and go over it. Set timelines and reminders.
None of this matters if your storage is not secure. Physical storage is easier: lock it, hide it and treat every document like cash (it may be). Electronic storage is becoming increasingly complex. Network security experts (and expert criminals) are everywhere. As a business owner, you must understand Internet Law. You must know terms like firewall, encryption, breach detection and offsite back up. You must also have a plan to update your security regularly. State-of-the-art security from five years ago is now as easy to breach as your grandparent’s old screen door.
The Federal Trade Commission has a detailed but usable 15 page guide for businesses to protect client information. You would not leave your cash on the counter. You wouldn’t post your own social security card on the front window. Don’t leave your clients' identification or money exposed either.