PROTECT YOUR BUSINESS – AND YOUR CUSTOMERS – FROM IDENTITY THEFT

One of the keys to preventing identity theft is to safeguard personal information within the workplace, whether it’s a business, government agency, or nonprofit. Targets for identity thieves include SSNs, driver’s license numbers, financial account numbers, PINs, passcodes, and dates of birth.  Here are some strategies to use in your business to reduce the possibility of intentional or inadvertent disclosure of employee or customer/client personal information which might open your business or you personally to an action for such release or failure to safeguard:

• ·Store and encrypt sensitive personal data in secure computer systems.  Make sure wireless connections are password-protected.  Hard copies of documents should be stored in secure spaces such as locked file cabinets, and data should only be available to qualified persons.
• ·Dispose of documents properly.  SHRED, SHRED, SHRED.  “Wipe” electronic files; destroy old computer drives and CD’s or other electronic storage devices before simply throwing them away.  Most stated have enacted some type of document destruction law.  The federal Fair Credit Reporting Act (FACTA) has a provision on document disposal (section 216).  Place shredders around the office, near printers and fax machines, and near waste baskets. Use cross-cut (confetti) shredders rather than strip-shredders. Make sure dumpsters are locked and inaccessible to the public.
• ·Conduct regular staff training and screening, including screening new employees, temporary employees, and contractors, and stress the need for proper information safety procedures.  Perform your

own investigation by conducting spot checks on proper information handling. Reward employees and departments for maintaining “best practices.”  Importantly, conduct background checks on employees (especially for individuals who have access to personal information) and outside contractors such as cleaning services, shredding services, and other outside contractors.

• Limit data display and disclosure.  Do not print full SSNs on paychecks or other business documents.  Do not print SSNs on mailed documents; do not require that they be transmitted via the Internet unless allowed by law.
• Safeguard mobile devices that contain sensitive personal data, such as laptops, Blackberries, PDAs, and mobile phones. These are a favorite target of thieves.
• Regularly audit compliance with all information-handling practices and privacy policies.

In summary, everyone from the mail clerk to the CEO must make it their business to handle personal information responsibly in the workplace. Don’t make the workplace a breeding ground for identity theft.  More importantly, don’t allow your business – or you personally – to become liable for a claim by an employee or customer/client due to the inadvertent release (or intentional theft) of valuable personal information.

ROBERT F. SCHILLBERG, JR., is a member of EMACC and is an attorney licensed in New Jersey and New York, with an office in Red Bank, New Jersey, practicing primarily in the areas of business and corporate law, civil litigation, municipal court, and residential/commercial real estate.