Tips for Businesses to Protect Their Consumers
Businesses are not immune from identity theft and fraud. The FTC reports that businesses lost $56.6 billion to identity theft last year. From large companies to small stores, identity thieves seek to steal customers’ and employees’ personal information through data breaches or outright theft.
Business owners have a responsibility to their customers and their employees to protect personal identification information. With proper data collection and measures to safeguard that information, companies can minimize the risk of customers’ and employees’ personal information falling into the wrong hands. In Florida, businesses are required to notify any affected individuals if a data breach has exposed personal information.
The following tips are suggestions for ways businesses and business owners can protect customers’ and employees’ sensitive personal information:
- Do not use Social Security Numbers or driver’s license numbers as account numbers. Include only part of the employee’s or customer’s Social Security Number if it is necessary to include it at all.
- Avoid asking your customers for private information, unless no other option is available. Avoid asking customers to provide you with necessary personal information in front of other customers or where the information could be seen or overheard.
- When conducting transactions that may require personal information, turn computer screens away from public view.
- Take appropriate steps to ensure third parties that perform services for you agree to keep personal information secure and confidential.
- Protect the personal information of former clients to the same extent as current clients.
- Don’t collect Social Security Numbers on job applications until you have selected the applicant. Once you’ve selected a prospective new employee, consider conducting criminal and civil background checks, particularly if the employee will have access to sensitive information.
- Limit access to personal information to those employees who need it to perform their job duties.
- Maintain physical, electronic and procedural safeguards that comply with government requirements to keep your own personal information safe, as well as any other personal information your business may gather or record.
- Limit access to computers by using employee passwords and, if applicable, institute a laptop security policy. Pick passwords and usernames that don’t include personal information.
- Put additional security measures in place, such as firewalls, anti-virus software, spyware protection software, and encryption software. Use data protection software that records network activity and regularly check logging data and audit trails for unusual or suspicious activity. Avoid file sharing or access to files containing personal identifying information via a network or the Internet, unless it is absolutely necessary.
- Make old computers’ hard drives unreadable. After you back up your data and transfer the files elsewhere, sanitize the drive by shredding the disk, magnetically cleaning the disk, or using software to wipe the disk clean. Destroy old computer disks and backup tapes.
- Don’t mail, e-mail, or fax bills or other correspondence to customers that include personal identifying information. Keep incoming mail in a locked mailbox.
- Shred or destroy documents and records containing personal identifying information when you dispose of them. At a minimum, employees should destroy old documents containing personal information using a cross-cut paper shredder.