Information Compromise and the Risk of Identity Theft:
Guidance for Your Business
These days, it is almost impossible to be in business and not
collect or hold personally identifying information (names
and addresses, Social Security numbers, credit card numbers, or
other account numbers) about your customers, employees,
business partners, students, or patients. If this information
falls into the wrong hands, it could put these individuals at
risk for identity theft.
Still, not all personal information compromises result in
identity theft, and the type of personal information compromised
can significantly affect the degree of potential damage. What
steps should you take and whom should you contact if personal
information is compromised? Although the answers vary from case
to case, the following guidance from the Federal Trade Commission
(FTC), the nation's consumer protection agency, can help you make
smart, sound decisions. Check federal and state laws or
regulations for any specific requirements for your business.
Notifying Law Enforcement
When the compromise could result in harm to a person or
business, call your local police department immediately. Report
your situation and the potential risk for identity theft. The
sooner law enforcement learns about the theft, the more effective
they can be. If your local police are not familiar with
investigating information compromises, contact the local office
of the FBI or the U.S. Secret Service. For incidents involving
mail theft, contact the U.S. Postal Inspection Service. Check the
blue pages of your telephone directory or an online search engine
for the number of the nearest field office.
Notifying Affected Businesses
Information compromises can have an impact on businesses other
than yours, such as banks or credit issuers. If account access
information (say, credit card or bank account numbers)
has been stolen from you, but you do not maintain the
accounts, notify the institution that does so that it can monitor
the accounts for fraudulent activity. If you collect or store
personal information on behalf of other businesses, notify them
of any information compromise, as well.
If names and Social Security numbers have been stolen, you can
contact the major credit bureaus for additional information or
advice. If the compromise may involve a large group of people,
advise the credit bureaus if you are recommending that people
request fraud alerts for their files. Your notice to the credit
bureaus can facilitate customer assistance.
If the information compromise resulted from the improper
posting of personal information on your Web site, immediately
remove the information from your site. Be aware that Internet
search engines store, or "cache," information for a
period of time. You can contact the search engines to ensure that
they do not archive personal information that was posted in
error.
Notifying Individuals
Generally, early notification to individuals whose personal
information has been compromised allows them to take steps to
mitigate the misuse of their information. In deciding if
notification is warranted, consider the nature of the compromise,
the type of information taken, the likelihood of misuse, and the
potential damage arising from misuse. For example, thieves who
have stolen names and Social Security numbers can use this
information to cause significant damage to a victim's credit
record. Individuals who are notified early can take some steps to
prevent or limit any harm.
When notifying individuals, the FTC recommends that you:
- consult with your law enforcement contact about the
timing of the notification so it does not impede the
investigation.
- designate a contact person within your organization for
releasing information. Give the contact person the latest
information about the breach, your response, and how
individuals should respond. Consider using letters (see
sample below), Web sites, and toll-free numbers as
methods of communication with those whose information may
have been compromised.
It is important that your notice:
- describes clearly what you know about the compromise.
Include how it happened; what information was taken, and,
if you know, how the thieves have used the information;
and what actions you have taken already to remedy the
situation. Explain how to reach the contact person in
your organization. Consult with your law enforcement
contact on exactly what information to include so your
notice does not hamper the investigation.
- explains what responses may be appropriate for the type
of information taken. For example, people whose Social
Security numbers have been stolen should contact the
credit bureaus to ask that fraud alerts be placed on
their credit reports.
- includes current information about identity theft.
- provides contact information for the law enforcement
officer working on the case (as well as your case report
number, if applicable) for victims to use. Be sure to
alert the law enforcement officer working your case that
you are sharing this contact information. Identity theft
victims often can provide important information to law
enforcement. Victims should request a copy of the police
report and make copies for creditors who have accepted
unauthorized charges. The police report is important
evidence that can help absolve a victim of fraudulent
debts.
- encourages those who discover that their information has
been misused to file a complaint with the FTC at
www.consumer.gov/idtheft or at 1-877-ID-THEFT (438-4338).
Information entered into the Identity Theft Data
Clearinghouse, the FTC's database, is made available to
law enforcement.