With Identity theft losses mounting, state and Federal legislation has been passed that has stringent penalties and jail time for business owners who are not in compliance. Because 87% of business owners are not even aware of these laws, what you don't know can hurt you. Maybe $1,000,000 in fines and up to 10 years in jail will motivate you to secure all the personal information of your clients and employees. Experts are predicting that identity breaches will be THE next hot class action target so listen and learn.
Disgruntled workers with access to their employer's data files can make a lot of money selling little pieces of you. They can sell your Social Security number Identity for $100, they can sell your credit card info (financial identity) and they can also sell your driver's license identity which will have a negative impact on your character/criminal identity if they decide to rob a liquor store and get caught with "your" driver's license. You already know about the dangers of medical identity theft if you saw any of the 3 Reader's Digest covers from 2006.
The Feds recently decided that the DMVs of each state needed to be able to recognize what the actual driver's licenses of all other states looked like. The Feds made up a little book with the EXACT specifications on each state's driver's license. About a week after that book was distributed, it was already being sold on the internet. A new industry has been born due to that book. All a criminal needs is a computer, printer, laminator and that book to have a prosperous criminal enterprise. Even trained authorities can't tell the difference between a "real" and fake license"real" license and the fake one. The authorities can't distinguish between the "data base you" and the you your friends know"data base you" and the you who is looking at yourself in the mirror. The data base you has gone on a crime spree and given the police a copy of a driver's license with YOUR number and another address on it. You never get the notice to appear and they sure aren't going to show up at your trail, so a bench warrant goes out in your name. The next time you are stopped for some routine traffic violation, the real you is going to jail. How many times do the criminals say, "OK, you got me." Isn't the regular drill something like, "You've got the wrong guy. It wasn't me." Except this time it WAS the data based you.
Only one in 700 criminals engaged in ID theft are caught. This crime wave has no end in sight. As more and more employees fall victim, it will hurt the bottom line of their employer since the Federal Trade Commission says that on average, it takes 600 hours to restore your identity. That is 15 40 hour work weeks. Who has that kind of time? ALL the data leaks are coming from ignorance on the part of businesses or the government themselves. The Census Bureau is very proud that they have ONLY lost 1,200 lap top computers with millions of names and personal information on American citizens. So the government is clamping down HARD on businesses because they can't do a thing on the criminal front.
The National Institute of Standards and Technology (NIST) identifies "unauthorized access" as a type of security breach that each business must address. That means each computer needs to be password protected and the password can't be put on a yellow sticky on the monitor. You need a clean desk policy at the end of each business day with ALL personal information locked up.
ID theft crime rings have set up "janitorial" businesses that come in at night and copy client and employee data files, go through unlocked file cabinets and trash looking for personal info, employment applications etc. Confidence men (women) can take jobs as low level temporary office employees and steal the data bases with all the information of the businesses clients.
In "The Coming Pandemic" (5/15/06 article in Chief Information Officer magazine) the writer says, "If you experience a security breach, 20% of your affected customer base will no longer do business with you. 40% will consider ending their relationship, and 5% will be hiring lawyers!" The author also stated, "When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim."
Here is an outline of the major laws that affect ID Theft and have led to absolute liability to businesses that have not secured their files.
ID Theft was finally recognized as a crime in 1998 when Congress passed the Identity Theft and Assumption Act and established the Federal Trade Commission as the lead agency to enforce and fine businesses for non compliance. The FTC says that each year since 1998 there has been twice as much ID theft reported than the year before and even though it is severely under reported it is estimated that as of July 2006 there have been over 88 million consumers affected by the reported breaches.
FACTA (Federal legislation in effect since June 2005) Grants additional rights to consumers and incorporates specific provisions designed to help victims of ID theft and fraud, mainly that they are entitled to one free credit report per year from each of the 3 reporting agencies due to the proliferation of ID theft that has only gotten worse. Gramm, Leach, Bliley Safeguard Rule (fed legislation since 1999) the compliance deadline was in 2001 GLB, has a broad spectrum of qualifications, requirements and regulating parties. Eight agencies and the states are charged with managing and enforcing the regulations.
GLB applies to a broad range of businesses that collect the personal financial information of their clients.The two regulations of GLB are the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule addresses the collection and dissemination of customers' information while the Safeguard rule governs the processes and controls an organization's uses to protect customers' financial information.
The Safeguard Rule is enforced by the FTC. In addition to public embarrassment of non-compliance, organizations may be fined thousands of dollars a day while they are non-compliant.
GLB calls for businesses to: 1. Ensure the security and confidentiality of customer information; 2. Protect against any anticipated threats or hazards to the security or integrity of such information; and 3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
In a nutshell, it requires that regulated companies do the following: Specify a person or group of people to be responsible for GLB compliance. Identify security risks involving customer information. Assess existing safeguards for protecting the privacy of customer information. Implement any additional safeguards that are needed. Monitor the effectiveness of safeguards. Ensure that service providers are able to meet the GLB requirements. Upgrade the organization's security program as necessary due to changing circumstances.
California SB 1386, effective 7/1/03 Data Breach Notifications ANY business having even 1 customer in California requires a PUBLIC disclosure of computer security breaches when personal information of any California customer is compromised. This law subjects a company to civil and class action lawsuits by any injured customer.
Betty Broder, who is the assistant director of the FTC's Division of Privacy and Identity Protection says, "You don't have to have a perfect plan, but you MUST have a written plan describing how customer and employee data will be protected and an officer on staff responsible for implementing that plan. We need to see that you've taken reasonable steps to protect your customer's info." (quote taken from American Bar Association 3/06 story, "Stolen Lives")
The 1/19/06 edition of Business and Legal Reports says, "One solution that provides an affirmative defense against potential fines, fees, and lawsuits is to offer some sort of identity theft protection as an employee benefit. An employer can choose whether or not to pay for this benefit. The key is to make the protection available, and have a mandatory employee meeting on identity theft and the protection you are making available, similar to what most employers do for health insurance..."
By having a mandatory meeting the employees finally understand their responsibilities to protect the sensitive data of your client's business. This may be overwhelming BUT with a little help a business can develop an affirmative defense. Free federal compliance training is available for businesses who understand the importance of mitigating their damages and providing an affirmative defense.
Businesses with 10 or more employees may be able to get free Federal compliance training depending on their location. Contact the author for more information.
As parents we most often carefully monitor our child's websites, emails, cell phone and text messages because we are concerned. Many times it is a concern for our child's safety. We worry about them being approached inappropriately online. We are concerned about sexual predators. But have we considered that our children may also be in a different kind of danger --the danger of identity theft?
Children are the perfect target for identity theft. They have a spotless credit record and because they are not using their credit it may go undetected for several years. They grow up and suddenly there discover their credit records are blemished. Can the information that we share about our children, whether it is online, to a school or medical professional allow the opportunity for identity theft?
In 2005 the Federal Trade Commission reported that over half a million children were victims of identity theft. These cases include: the use of a child's Social Security Number being used illegally for income tax purposes and obtaining credit in a child's name. It's easy enough to do; just the other day one of my own children received a credit card offer in the mail. What if that fell into the wrong hands?
How can you protect your child from identity theft? The National Cyber Security Alliance calls social networking sites ?billboards in cyberspace.? Would you post on a billboard your child's personal information, such a social security number? To protect your child from identity theft you can take the following steps:
Limit access to your profile, photographs, blogs and other online sources.
Limit access to your child's social security number. You can refuse to provide it to schools and medical providers. Educational or health benefits can not be denied based on keeping your information private.
Keep a safe spot in your home for important documents. This can be a lock box or file cabinet with a lock on it.
When someone request your child's SSN know the reason for doing so. Ask for copies of the bank account statement or other verifying documents if they claim that they are setting up a savings account or other investment opportunity for your child. Note, in the event a family member or friend wants to create an investment or savings fund for your child establish the account yourself and note that deposits can be made by specific individuals on the account. This keeps your child's social security number private.
Do not carry important documents in your purse.
Do not provide your children with their SSN or Birth Certificate until they are older. Destroy and/or shred any and all documents of a personal nature including credit card offers, medical claim forms (after paid) and any other document you do not need to keep. Invest in a scanner and scan the documents into your computer, save it to a disc and keep it under lock and key.
Be sure to use your computer's parental controls, including spyware and anti virus software, not only for to protect your child's information but yours also.
Ask questions and distrust any website or telephone call that asks for your child's social security number. Make sure that any request for your child's SSN is valid, relevant and necessary before providing it.
Thoroughness and vigilance are absolutely necessary to protect your child from identity theft. In most cases, identity theft to children is committed by friends or family members, however more and more instances occur as a result of information posted on the internet; whether by yourself or your child. Don't worry about what people will think of you. Those that understand will see you as a concerned parent who is being very aware of the real world and its dangers, and one not only protects their child's future financial wellbeing, but also sets the example to other parents by teaching them how to protect their children from identity theft.
Both Belinda Rachman, Esq. & Lisa Carey are contributors for EditorialToday. The above articles have been edited for relevancy and timeliness. All write-ups, reviews, tips and guides published by EditorialToday.com and its partners or affiliates are for informational purposes only. They should not be used for any legal or any other type of advice. We do not endorse any author, contributor, writer or article posted by our team.
Belinda Rachman, Esq. has sinced written about articles on various topics from Entertainment Guide, Health and After Divorce. An attorney since 1996, Rachman has recently passed the exam to add another distiinction to her resume as a Certified Identity Theft Risk Management Specialist. She helps individuals and businesses protect themselves from the fastest growing crime in the. Belinda Rachman, Esq.'s top article generates over 8100 views. to your Favourites.
Lisa Carey has sinced written about articles on various topics from Computers and The Internet, Shopping and Computer Virus. Lisa Carey is a contributing author for . You can get tips on Identity theft protection, software, and monitorin. Lisa Carey's top article generates over 9900 views. to your Favourites.