FOUR YEARS AGO a USAtoday article about shredders said, "Identity theft is the fastest-growing crime in the USA, according to the National Crime Prevention Council. About 7 million people (ed.,now nearly 10 million/ yr) had their identities stolen in the year ended July 2003, according to two studies done by Gartner Research and Harris Interactive. Each will spend an average of $1,495 and 600 hours getting his or her finances straightened out, according to the Identity Theft Resource Center. And that's not counting lawyers' fees."
So the laws regarding shredding, pulverizing, smashing, electronic wiping went into effect with the FACT Act of 2004. It states, "Employers must destroy information derived from a consumer credit report before discarding it." It became effective on June 1, 2005. Other acts such as Gramm-Leach-Bliley (GLB) and HIPAA (not just for the medical industry anymore), also require you to appropriately handle/destroy consumer info (and has been enlarged to include Employee and Vendor info) applies to any size business or any individual who has personally Identifiable. And there are penalties. I DIDN'T KNOW!!!
Shredding is good, but if Non-Public Information (NPI) or Personally Identifiable Information (PII) still gets out, there are penalties. According to NAID, and other legal sources:·Civil liability: Employees could be entitled to recover actual damages sustained if their identity is stolen as a result of your lack of sufficient protections. Or you could have to pay statutory damages of up to $1,000 per employee. There are state laws that could apply, too. ·Class-action lawsuits. If large numbers of employees or clients are affected, they may be able to bring class-action lawsuits and get punitive damages from employers. And there are NO statute of limitations here. ·Federal fines. The federal government could fine you up to $2,500 for each violation.·State fines. States can fine up to $1,000 for each violation.
Other laws, such as GLB allow fines up to $1,000,000.00 per incident, removal of managment and/or Leadership (just like the NCAA removes coaches &/or ADs)
This makes investing in a quality shredder - about $25 to $299 for a personal shredder to over $2,000 for an office or contracting with a shredder company- very worth it. Remember, these figures don't include lawyers fees; you may be responsible for both sides.
What does this mean to you? For Individuals: you cannot depend on trash collectors to properly dispose of sensitive info. SHRED NOW! You only need to shred docs containing your name and any personal info. So, if you get a magazine, only shred the page with your labeled address, unless the inside contains your info. However, if a Credit Card Company (CCC) sends you an application and you only shred the envelope or front page, be aware that sometimes CCCs print your info ON THE APP itself! Make sure you shred that, too
For Businesses: shredding is just one issue mandated by law. AND your insurance company may not protect you if you flout the laws. What about your people? Are they protected? Do you have NPI/PII policies and procedures in place? Are your people trained in Identifying ID Theft per FTC requirements? Have they been certified? Do you offer ID Theft Legal benefit plans? Or are you out of compliance with FTC regs? And unprotected from legal challenges? It does not cost much to get into compliance, it costs a lot, including possibly your freedom, to be out of compliance. Call Dan 502-554-2397 for free training.
No comments:
Post a Comment