Identity Theft: Is Your Business Prepared?
Tuesday, August 23, 2011
Half of all identity theft happens at the workplace. It is the one place an identity thief can go to get a lot of nonpublic information and why regulators are holding business owners more accountable.
“They are not after your money, your equipment or your inventory. A new breed of criminal wants the personal information you keep on customers, suppliers and employees, and if you lose it, you’ll wish they went for the cash,” a Business Journal article states.
No business wants to be linked to a breach of confidential information that leads to identity theft. A breach alone impacts the company’s credibility. CIO Magazine reported in an article titled “The Coming Pandemic” that, “If you experience a security breach, 20% of your affected customer base will no longer do business with you, 40% will consider ending the relationship and 5% will be hiring lawyers!” In addition, employee victims of identity theft can take up to 600 hours (15 weeks) — mainly during business hours — to restore their identities at an average personal restoration cost of $1,500.
All businesses and corporations must defend their operations from identity theft. Key federal privacy and security laws include Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, the new Red Flag Rules, Gramm-Leach-Bliley Safeguard Rules and state laws. The liability of violations varies between these laws and courts, but may include one or all of the following: federal and state fines, class action lawsuits (with no statutory limitation), responsibility for actual losses of victims and as many as 10 years jail time. Think about it.
Do you have a culture of security within your business operations? Are annual security and identity theft employee training sessions scheduled? Does your business have an identity theft prevention and mitigation plan? Are sensitive data files — including medical and financial records, Social Security numbers, birthdates, credit card numbers, addresses and other personally identifiable information — stored in locked files or cabinets? Can only selected employees access these files? If you say ‘no’ to any of these questions, your business may be at risk for noncompliance and legal consequences. In an ABA Journal article, Betsy Broder, former assistant director of the Federal Trade Commission (FTC)’s Division of Privacy and Identity Protection, says, “We need to see that you have taken reasonable steps to protect your customers’ information.”
Every business has three options for starting the compliance process to manage its risk for identity theft. They include “the do nothing option,” the do it yourself option” and “no direct cost option.”
The no direct cost option or the Affirmative Defense Response System is a proven system that can be implemented immediately. The system can potentially mitigate damages and reduce exposure to class action lawsuits and Federal Trade Commission litigation. It provides templates for legal documents, includes a written security policy with an identity theft protection and mitigation plan, and administers the initial mandatory employee identity theft training.
The Affirmative Defense Response System is offered through Pre-Paid Legal Services, Inc., by nationally certified Group Security Specialists. It is a program to protect businesses around the country from the devastation of identity theft. It was developed by national security experts and Pre-Paid Legal Services’ Attorney Advisory Council in accordance with FTC guidelines.
For additional information, contact Steve Baker. Steve Baker is an independent associate and Executive Director with Pre-Paid Legal Services, Inc., and can be reached by calling (651) 493-9394. To obtain a free copy of the book “The Silent Crime: What You Need to Know About Identity Theft” by Michael McCoy, call Steve Baker and mention this article.
MD News August 2011, Twin Cities