Liability for Identity Theft - Time to Worry?

    With all of the recent high-profile privacy breaches (e.g., ChoicePoint, etc.), many pundits are speculating that identity theft may give rise to a wave of lawsuits against companies that fail to properly handle or secure personally identifiable information.  Corporate Counsel magazine has an excellent article on the topic that is a must read if your company collects, stores or otherwise utilizes PII.  The article contains a number of tips including the following:

    "Only hold personal data you need.
    Nonessential data can be a liability rather than an asset. Do you
    really need customers’ Social Security numbers? Do you have to store
    their credit card numbers forever? Avoid gathering nonessential
    personal data, archive it after use rather than storing it in readily
    accessible customer master files, and discard or archive data for
    inactive accounts.

    Keep personal data secure. Store data securely,
    preferably in encrypted form. Avoid storing personal data on laptops,
    PDAs and other mobile devices. Limit access to only those who need it.
    Have a full audit trail of who accesses each record. Restrict
    large-scale downloads and monitor employees for unusual access volume
    or timing. Ensure good physical as well as information systems security
    over personal data. Consider the security aspects of how you transmit
    personal data to customers and employees. Sending thousands of letters
    or e-mails with such data is asking for trouble, as they may be
    intercepted.

    Do what you say you’ll do. Only promise employees
    and customers a level of personal data security that you can deliver.
    Whatever you promise, ensure you adhere to it.

    Make security a priority with your employees.
    Background checks are essential on all employees who will have access
    to personal information. This will not guarantee that you will be
    protected from employee theft — studies show that employees who commit
    white-collar crime tend to be first-time offenders — but it will help
    protect you from predatory employees."

    Don’t forget to get your free subscription to their magazine!

* Like this? Subscribe to this blog and get periodic updates of in-house counsel news and jobs. *

Related Posts:
Potential Business Liability for Failure to Secure Consumer Data
Data Security: The Time Is Now
The Most Overlooked Component of Data Security: Your Employees
How To Respond To Data Breaches
EU Approves Clauses for International Data Transfer



Leave a Comment

    Inhouse Counsel Jobs