- In This Article
- It's your responsibility to be an aware consumer
- Many businesses ask for personal information that they don't need
- Businesses should consider employee and customer security
The businesses you frequent or work for should:
Conduct a criminal or civil background check before hiring employees who will have access to personal identifying information.
Provide cross-cut paper shredders at each workstation or cash register area or use a locked wastebasket and shredding company for the disposal of credit card slips, unwanted applications or documents, sensitive data or prescription forms.
Use an alternate number instead of Social Security numbers (SSN) for employee, client and customer ID numbers.
Never send out mail that includes your complete Social Security number.
Require health insurance providers to use an alternate number rather than the SSN for membership numbers on health insurance cards.
Train staff in security procedures for sending sensitive personal data by fax, email or telephone.
Keep sensitive information of consumers or employees on any item (timecards, badges, work schedules, licenses) out of view in public areas. That may include home addresses or phone numbers, SSN and driver’s license numbers.
Notify affected individuals in a timely manner in the event of a computer breach of a database that contains sensitive information.
Not request a customer give them a driver’s license, Social Security Card or other card with identifying information as a security for equipment or locker rentals.
Place photos on employee identification cards or badges for better identification and security.
Keep all personal data about employees and customers in locked cabinets and out of public areas.
Encrypt or password protect all sensitive data stored on computers and allow access only on a “need-to-know” basis.
Train their employees in how to receive personal identifying information from customers and clients without jeopardizing client security.
Notify consumers and employees in advance as to the purposes of the data collection, to whom it will be distributed and the subsequent use after the fulfillment of the original purpose.
Never ask for more data than absolutely necessary. For example, a health club does not need a Social Security Number, nor does a vet really need your driver’s license number.
Each item illustrates what businesses should do to reduce the risk of identity theft. If they are not, it may be time for you to speak up. It’s your responsibility to be an aware consumer.
Copyright © 2011, Identity Theft Resource Center®. All rights reserved. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to ITRC@idtheftcenter.org. This fact sheet should not be used in lieu of legal advice. This article is referenced as "Fact Sheet 102: Consumer Risk Test. Are the Businesses You Frequent Exposing You to Identity Theft?" on the Identity Theft Resources Center website.