Rate how helpful this article is:

(No Ratings Yet)

 Loading ...

Two million people were the victims of identity theft in 2008, an increase of 25 percent from 2007, according to a newly released survey from Javelin Strategy and Research. Where the victim can determine how the information was stolen, eleven percent was stolen via online scams, hacking, phishing, pretexting, etc. But half the information was stolen the old-fashioned way: lost or stolen wallets.

Businesses tend to collect a lot of personal information from their customers and employees, and should be vigilant about proper security and storage of this information.

Employers should keep employee personnel records under lock and key. These records contain names, addresses and Social Security numbers, as well as performance information and salary history. Stored separately, and also under lock and key, should be information relating to employee health information, including workers comp information, doctors’ notes, and leave requests.

These records should be taken out only when needed, and otherwise locked. Employees who work with this information should secure it when they leave their desk for any reason.

Protecting customer information is just as important.

First, be conservative in what information is collected in the first place. What is the minimum amount of information needed on each customer? Social Security numbers should be used only for reporting employee taxes and not as customer identification numbers.

Think about whether you should keep customer credit card numbers and expiration dates on file at all. Does it serve an important business function? Is the convenience of stored personal information important enough to your customers enough to justify the potential risks? Full credit card numbers should not be printed on receipts &endash; use the last four digits only. Expiration dates should not be stored. Check the default settings on credit card processing machines to ensure they are permanently storing this information and are printing only the last four digits of the credit card number.

If you do need to keep private customer information (for business reasons or to comply with particular laws), have a written document retention policy that sets forth how long you will keep the information, and how you will destroy it.

Paper records should be shredded so that they can’t be reconstructed. Media containing electronic records should be erased or destroyed so that records cannot be recovered or reconstructed.

It is imperative that your computer have adequate firewalls and anti-virus protection. These programs should be updated regularly. Sensitive information should be kept in password protected files.

Sensitive information may also be stored in cash registers, inventory scanners or cell phones, and the security of these devices should be assessed as well. If possible, store sensitive information on a computer that does not have an Internet connection. Web applications, including those that transfer information to vendors, are particularly vulnerable to hackers or security breaches.

If a computer is compromised, disconnect it immediately from Internet access. Investigate incidents immediately. You may be required by law to make certain notifications to customers, law enforcement, credit bureaus or your business partners (banks, credit card processors, etc). It is important to have a security plan in place.

The Federal Trade Commission has significant information on how to protect yourself and your customers from identity theft, as well as what to do if you’ve had a breach of security.

Tags: hacking, Identity Theft, phishing, pretexting, security breach, Social Security Numbers

This entry was posted on Wednesday, February 18th, 2009 at 10:21 am and is filed under business law, employment law, Identity Theft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.