ITRC Fact Sheet 102
Do the businesses you frequent:
- Conduct a criminal or civil background check before hiring employees who will have access to personal identifying information?
- Provide cross-cut paper shredders at each workstation or cash register area or use a locked wastebasket and shredding company for the disposal of credit card slips, unwanted applications or documents, sensitive data or prescription forms?
- Use an alternate number instead of Social Security Numbers (SSN) for employee, client and customer ID numbers?
- Ever send out mail that includes your complete Social Security Number?
- Require their health insurance providers to use an alternate number rather than the SSN for membership numbers on health insurance cards?
- Train designated staff in security procedures for sending sensitive personal data by fax, email or telephone?
- Keep sensitive information of consumers or employees on any item (timecards, badges, work schedules, licenses) out of view in public areas? This may include home addresses or phone numbers, SSN and driver’s license numbers.
- Notify affected individuals in a timely manner in the event of a computer breach of a database that contains sensitive information?
- Require any items for security (to get gaming equipment or a locker) that contain personal identifying information? If the company does request a customer give them an item for security, is the item something other than a driver’s license, Social Security Card or other card with identifying information?
- Place photos on employee identification cards or badges for better identification and security?
- Keep all personal data about employees and customers in locked cabinets and out of public areas?
- Encrypt or password protect all sensitive data stored on computers and allow access only on a “need-to-know” basis?
- Train their employees in how to receive personal identifying information from customers and clients without jeopardizing client security?
- Notify consumers and employees in advance as to the purposes of the data collection, to whom it will be distributed and the subsequent use after the fulfillment of the original purpose?
- Ever ask for more data than absolutely necessary? For example, a health club does not need a Social Security Number, nor does a veterinarian really need your driver’s license number.
Each item illustrates what businesses can do to reduce the risk of identity theft. It is your responsibility to be an aware consumer and select businesses according to how well they protect your identity. The ITRC Center provides best practices consultations to companies upon request. Contact the ITRC at firstname.lastname@example.org.
This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to email@example.com.