The crooks want your data – or that of your customers – and they’re willing to pay lots of money to get it.
Identity theft regularly makes the headlines and most of us think it’s probably the responsibility of financial institutions and large retailers to protect our personal and financial information. It’s time to think again. US lawmakers have placed the responsibility for protecting sensitive information squarely on the shoulders of all businesses, both large and small.
There are now multiple statutes on the books that require almost all businesses to protect their customers’ personal and business data. And, of course, they’re loaded with fines for non-compliance and in some cases even jail time. Here are just a few of them:
The Personal Information Protection and Electronic Documents Act (PIPEDA) protects personal information in the hands of private companies and provides guidelines for the collection, use and disclosure of that information in the course of commercial activity.
The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed in February of 2009 as part of the federal economic stimulus package. The Act creates a federal requirement for all health service providers to protect personal health information and provides incentives to physicians for putting into "meaningful use" an Electronic Health Record system.
The Fair and Accurate Credit Transactions Act (FACTA) was signed into law on December 4, 2003. The FACT Act requires consumer reporting agencies and financial service providers that use a consumer report to adopt procedures for proper document disposal.
In addition, the Gramm-Leach-Bliley (GLB) Act of 1999 "Safeguards Rule" was designed to compel financial institutions to protect and secure customers' personal information. The rule requires that disposal practices be "reasonable and appropriate," such as shredding papers containing consumer report information, so that the information cannot be read or reconstructed.
Finally, beginning in June of this year, the Federal Trade Commission (FTC) implemented the "Red Flags Rule." The term "Red Flag" refers to a pattern, practice or specific activity that indicates the possible existence of identity theft. The rule requires US financial institutions and creditors with covered accounts to have a standardized program that detects, prevents and mitigates identity theft. Covered organizations must have policies in place to comply with the new standards to avoid costly fines and regulatory enforcement actions. The fines for non-compliance range from $3,500-$11,000 per occurrence, which could lead to fines in the millions of dollars and jail time. To see if your company is expected to comply, visit http://www.ftc.gov/redflagsrule.
You get the message. But what can you do about it?
We’d suggest that you take a look at your document destruction procedures. Are you shredding unneeded documents on a regular schedule? Have you got store rooms full of unnecessary papers that may contain the personal or financial information of your customers? Have you left the management of storage and information to employees who may not be sensitive to the risk involved for your business? Or who may be tempted to listen to the offers of those crooks?
If so, consider using one or more of our shredders to get rid of that risky – and space-consuming – pile of documents. A shredder rental system can provide a short-term solution to a massive problem, which can then be dealt with on an ongoing basis through your existing equipment.
Also give some thought to renting a scanner for those critical papers you don’t want to get rid of but need to store securely. Electronic storage can be made much more secure than physical storage, and the added benefit of having your information easily accessible and searchable can have genuine value.
Give one of our technical sales representatives a call at 888-520-5667. They’ll be able to give you a quick explanation of how we can help solve what has become a real hot button for our friends in Washington DC.