Do the Businesses you frequent…
 
1. Conduct a criminal or civil background check before hiring employees who will have access to personal identifying information.

2. Provide cross-cut paper shredders at each workstation or cash register area or uses a locked wastebasket and shredding company for the disposal of credit card slips, unwanted applications or documents, sensitive data or prescription forms.

3. Use an alternate number instead of Social Security Numbers (SSN) for employee, client and customer ID numbers.

4. Never send out mail that includes your complete Social Security Number.

5. Require their health insurance providers to use an alternate number rather than the SSN for membership numbers on health insurance cards.

6. Have trained designated staff about security procedures in sending sensitive personal data by fax, email or telephone.

7. Keep sensitive information of consumers or employees on any item (timecards, badges, work schedules, licenses) out of view in public areas. That may include home addresses or phone numbers, SSN and driver’s license numbers.

8. Notify affected individuals in a timely manner in the event of a computer breach of a database that contains sensitive information.

9. Not require any items for security (to get gaming equipment or a locker) that contain personal identifying information.  If the company does request a customer give them an item for security, the item is not a driver’s license, Social Security Card or other card with identifying information.

10. Place photos on employee identification cards or badges for better identification and security.

11. Keep all personal data about employees and customers in locked cabinets and out of public areas.

12. Encrypt or password protect all sensitive data stored on computers and allow access only on a “need-to-know” basis.

13. Have trained their employees in how to receive personal identifying information from customers and clients without jeopardizing client security. For example, pharmacists who do not ask you to repeat your SSN aloud in a busy store.

14. Notify consumers and employees in advance as to the purposes of the data collection, to whom it will be distributed and the subsequent use after the fulfillment of the original purpose.

15. Never asks for more data than absolutely necessary.  For example, a health club does not need a Social Security Number, nor does a vet really need your driver’s license number.