Identity Theft Laws That Business Owners Need To Know!
With identity
theft losses mounting, state and Federal
legislation has been passed that carries stringent penalties
and jail time for business owners who are not in
compliance.
Because 87% of
business owners are not even aware of these laws, what you
don't know can hurt you. Maybe $1,000,000 in fines and up
to 10 years in jail will motivate you to secure all the
personal information of your clients and employees.
Experts are predicting that identity breaches
will be THE next hot class action target so listen and
learn.
Disgruntled
workers with access to their employer's data files can
make a lot of money selling little pieces of you. They can
sell your Social Security number identity for $100, they
can sell your credit card info (financial identity) and
they can also sell your driver's license identity, which
will have a negative impact on your character/criminal
identity if they decide to rob a liquor store and get
caught with "your" driver's license.
You already know about the dangers of medical identity
theft if you saw any of the 3 Reader's Digest covers from
2006.
The Feds
recently decided that the DMVs of each state needed to be
able to recognize what the actual driver's licenses of all
other states looked like. The Feds made up a little book
with the EXACT specifications on each state's driver's
license.
About a week
after that book was distributed, it was already being sold
on the internet. A new industry has been born due to that
book. All a criminal needs is a computer, printer,
laminator and that book to have a prosperous criminal
enterprise.
Even trained
authorities can't tell the difference between a "real"
license and the fake one. The
authorities can't distinguish between the "data base you"
and the you
who is looking at yourself in the mirror. The data base
you has gone on a crime spree and given the police a copy
of a driver's license with YOUR number and another address
on it.
You never
get the notice to appear and they sure aren't going to
show up at your trial, so a bench warrant goes out in your
name. The next time you are stopped for some routine
traffic violation, the real you is going to jail. How many
times do the criminals say, "OK, you got me"? Isn't the
regular drill something like, "You've got the wrong guy.
It wasn't me"? Except this time it WAS the data base
you.
Only one in 700
criminals engaged in ID theft is caught. This crime wave
has no end in sight. As more and more employees fall
victim, it will hurt the bottom line of their employer,
since the Federal Trade Commission says that on average,
it takes 600 hours to restore your identity. That is 15
40-hour work weeks.
Who has that
kind of time? ALL the data leaks are coming from ignorance
on the part of businesses or the government themselves.
The Census Bureau is very proud that they have ONLY lost
1,200 laptop computers with millions of names and
personal information on American citizens. So the
government is clamping down HARD on businesses because
they can't do a thing on the criminal front.
The National
Institute of Standards and Technology (NIST) identifies
"unauthorized access" as a type of security breach that
each business must address. That means each computer needs
to be password protected and the password can't be put on
a yellow sticky on the monitor. You need a clean desk
policy at the end of each business day with ALL personal
information locked up.
ID theft crime
rings have set up "janitorial" businesses that come in at
night and copy client and employee data files, and go through
unlocked file cabinets and trash looking for personal
info, employment applications, etc. Confidence men (and women)
can take jobs as low-level temporary office employees and
steal the data bases with all the information of the
business's clients.
In "The Coming
Pandemic" (5/15/06 article in Chief Information Officer
magazine) the writer says, "If you experience a security
breach, 20% of your affected customer base will no longer
do business with you. 40% will consider ending their
relationship, and 5% will be hiring lawyers!"
The author also
stated, "When it comes to cleaning up this mess, companies
on average spend 1,600 work hours per incident at a cost
of $40,000 to $92,000 per victim."
Here is an
outline of the major laws that affect ID Theft and have
led to absolute liability to businesses that have not
secured their files.
ID Theft was
finally recognized as a crime in 1998, when Congress passed
the Identity Theft and Assumption Act and established the
Federal Trade Commission as the lead agency to enforce and
fine businesses for non-compliance.
The FTC says
that each year since 1998 there has been twice as much ID
theft reported as the year before, and even though it is
severely underreported, it is estimated that as of July
2006 there have been over 88 million consumers affected by
the reported breaches.
FACTA (Federal
legislation in effect since June 2005) grants additional
rights to consumers and incorporates specific provisions
designed to help victims of ID theft and fraud, mainly
that they are entitled to one free credit report per year
from each of the 3 reporting agencies due to the
proliferation of ID theft that has only gotten worse.
Gramm-Leach-Bliley
Safeguard Rule (Federal legislation since 1999; the
compliance deadline was in 2001): GLB has a broad spectrum
of qualifications, requirements and regulating parties.
Eight agencies and the states are charged with managing
and enforcing the regulations.
GLB applies to
a broad range of businesses that collect the personal
financial information of their clients. The two regulations
of GLB are the Financial Privacy Rule and the Safeguards
Rule. The Financial Privacy Rule addresses the collection
and dissemination of customers' information, while the
Safeguard Rule governs the processes and controls an
organization uses to protect customers' financial
information.
The Safeguard
Rule is enforced by the FTC. In addition to public
embarrassment of non-compliance, organizations may be
fined thousands of dollars a day while they are
non-compliant.
GLB calls for
businesses to:
1. Ensure the security and confidentiality
of customer information;
2. Protect against any
anticipated threats or hazards to the security or
integrity of such information; and
3. Protect against
unauthorized access to or use of such information that
could result in substantial harm or inconvenience to any
customer.
In a nutshell,
it requires that regulated companies do the following:
- Specify a person or group of people to be responsible for
GLB compliance.
- Identify security risks involving customer
information.
- Assess existing safeguards for protecting the
privacy of customer information.
- Implement any additional
safeguards that are needed.
- Monitor the
effectiveness of safeguards.
- Ensure that service providers
are able to meet the GLB requirements.
- Upgrade the
organization's security program as necessary due to
changing circumstances.
California SB
1386 (effective 7/1/03), Data Breach Notifications: ANY
business having even 1 customer in California is required to make a
PUBLIC disclosure of computer security breaches when
personal information of any California customer is
compromised. This law subjects a company to civil and
class action lawsuits by any injured customer.
Betty Broder,
who is the assistant director of the FTC's Division of
Privacy and Identity Protection says, "You don't have to
have a perfect plan, but you MUST have a written plan
describing how customer and employee data will be
protected and an officer on staff responsible for
implementing that plan. We need to see that you've taken
reasonable steps to protect your customer's info." (quote
taken from American Bar Association 3/06 story, "Stolen
Lives")
The 1/19/06
edition of Business and Legal Reports says, "One solution
that provides an affirmative defense against potential
fines, fees, and lawsuits is to offer some sort of
identity theft protection as an employee benefit.
An employer can
choose whether or not to pay for this benefit. The key is
to make the protection available, and have a mandatory
employee meeting on identity theft and the protection you
are making available, similar to what most employers do
for health insurance..."
By having a
mandatory meeting the employees finally understand their
responsibilities to protect the sensitive data of your
client's business. This may be overwhelming BUT with a
little help a business can develop an affirmative defense.
Free federal compliance training is available for
businesses who understand the importance of mitigating
their damages and providing an affirmative defense.