While no one can totally prevent identity theft due to the human element of this crime there are steps that a company can take to minimize risk factors for all of us. Safe information handling practices are the key to keeping identifying information out of the hands of thieves. These are some of the questions that must be asked.
-
Information acquisition — Do you have a good reason for requesting the information that you gather? Are you acquiring it in a safe manner so that it cannot be overhead or seen by others?
- Storage — What computer security measures have been placed around the systems storing personal data? Is the data considered highly classified and not common access?
- Access — Is personal identifying information available only to limited staff? Is database access audited or password controlled?
- Disposal — What is in your dumpster? Is it a treasure chest for thieves? Are electronic/paper documents and databases containing personal information rendered unreadable prior to disposal?
- Distribution — Are personnel trained in the proper procedures regarding information disclosure? Do you publicly display, use or exchange of personal information (especially Social Security numbers) in your workplace? This includes employee or membership cards, timecards, work schedules, licenses or permits and computer access codes.
- Personnel — Do you conduct regular background checks on ALL employees with access to identifying information? That might also include mailroom staff, cleaning crews, temp workers and computer or hotline service techs.
Businesses need to step up to the plate and become an ally in this war. They are truly our first line of defense. If they don't, we never will start to control the invasive crime called identity theft.
