Knowledge is power, but it also can make you nervous when you begin to realize just how much you don't know. Business owners are painfully aware of compliance as an issue, but 87 percent don't have a clue what the identity theft laws are or how to reduce their risk of getting in trouble.
The five kinds of identity theft are driver license, social security number, medical, character/criminal and financial. Because identity theft is now an epidemic, state and federal laws have been passed that mandate all businesses protect the personal information of staff and customers. The California Security Breach Information Act defines personal information as an individual's first name or initial and last name in combination with one or more of the following: a social security number, driver license number, California Identification Card number, account number and credit or debit card information.
There are stringent reporting duties should this data be breached. California state law requires that you inform staff or clients if the security of their information is compromised. If there is a security breach of a database containing personal data, you must notify each individual whose information was obtained.
The Act, SB-1386, has been in effect since 2003. If you have a business with customers in California, this law affects you.
If no one finds out about the breach, nothing happens. However, this is a civil law that will eventually become public knowledge. If the public embarrassment and public relations nightmare aren't enough incentive to comply, think about the lawsuits that could come from those whose information was breached.
So what do you need to do?
• Appoint a security officer to ensure SB-1386 compliance. This person should initiate communication and training within the company to develop awareness of the security measures and adherence to written policies and procedures regarding securing personal information.
• Identify the location of all databases that contain personal information and implement access controls and physical security measures for data security.
• Develop and implement measures for detecting and reporting incidents of unauthorized access to personal information. Retain relevant records and test, maintain and audit the effectiveness of access controls and security measures.
• Create and put procedures in place for rapid assessment of suspected security breaches, referral of suspected criminal acts to law enforcement agencies, notification of affected California residents and public announcements to minimize the negative impact of the security breach.
• Review arrangements with all third parties who store, process or transmit personal information.
For more information, call Belinda Rachman at (760) 720-9324 or visit www.idtheftspecialist.info.