| Almost every day, we read or hear something in | | | | business suffers; it is a victim, but most people do |
| the news about the latest loss or theft of | | | | not see it that way. They see the business of the |
| customer or employee information. In the past | | | | offender because they did not protect the |
| few years, identity theft has grown exponentially, | | | | information enough to prevent it from being lost |
| due in part to the relative ease to commit such a | | | | or stolen. |
| crime and its low conviction rate. Accordingly, | | | | Costs of Identity TheftFederal Trade Commission |
| organized crime now leads the way in identity | | | | Chairman Majoras testified before Congress that |
| theft crimes. | | | | thieves rack up $53 billion a year in identity theft. |
| The term Identity Theft is often used to refer to | | | | Consumers are stuck with $5 billion directly, while |
| several related concepts: information loss or | | | | businesses are saddled with the remaining $48 |
| breach, information theft, and fraud. Personal | | | | billion. In individual cases of identity theft, the |
| information can be lost or compromised with or | | | | average dollar amount charged ranges between |
| without malicious intent. Most data breaches occur | | | | $40,000 and $92,000, according to the Identity |
| these days due to insufficient systems security. | | | | Theft Resource Center. Laws hold victims partially |
| In 2005 alone, there were over 50 million records | | | | responsible for fraudulent debt after 48 hours, |
| lost due to computer data breaches, and that is | | | | and hold them fully responsible if not reported |
| not including the 92 million records that one | | | | within 60 days. |
| company's employee sold to thieves. | | | | Indirect costs of identity theft to businesses |
| Why So Prolific? | | | | include the time employees must take to restore |
| Our personal data is stored in electronic and paper | | | | their identity should they become a victim of |
| form in hundreds of databases, accessible by | | | | identity theft, 200 to 600 hours on average. |
| many, many people. Technology designed to | | | | Additionally, if lost information is traced back to a |
| make life, work, and commerce easier also | | | | business, it will be held liable. Plaintiffs in identity |
| makes hacking drastically easier and possible on a | | | | theft lawsuits may seek class action status and |
| massive scale. As well, the personal anonymity of | | | | often seek monetary, statutory and punitive |
| online transactions enables easy impersonation | | | | damages. |
| while using stolen data. Recent successful thefts | | | | In terms of information theft due to employee |
| of tens of millions of identities from huge | | | | fraud, small companies get hit much harder than |
| corporate databases may also spur or encourage | | | | larger ones. A company with fewer than 100 |
| similar future thefts or copycats. | | | | employees that experiences employee fraud |
| In the Workplace | | | | suffers a median loss of $98,000, according to a |
| The number one underlying source of identity | | | | study from the Association of Certified Fraud |
| fraud is theft of records from employers | | | | Examiners. That is more than midsize businesses, |
| (businesses), according to a study by TransUnion. | | | | and close to the $105,500 loss typical in |
| A Michigan State University study confirms this: | | | | companies with more than 10,000 employees. |
| an estimated 70 percent of identity crimes in the | | | | Acting in Good Faith |
| U.S. start with theft (or loss) of personal data by | | | | The best way for businesses to minimize their |
| an employee. And while most businesses think of | | | | risks associated with loss and theft of customer |
| customer records as the most valuable, what are | | | | and employee information is to put safeguards in |
| lost or stolen with increasing frequency are | | | | place before they suffer a breach. There are a |
| employee records. | | | | variety of federal and state legislation that require |
| Seventy percent of small businesses consider | | | | businesses protect non-public information about |
| information security a high priority, and more than | | | | their customers, employees and vendors. |
| 80 percent exhibit confidence in their existing | | | | According to Betsy Broder, assistant director of |
| protective measures. However, more than half of | | | | the FTC's Division of Privacy and Identity |
| these small businesses have experienced one or | | | | Protection, businesses need to have a plan in |
| more security incidents in the past 12 months, | | | | writing describing how customer data is to be |
| making perception at odds with reality, according | | | | secured and an officer on staff responsible for |
| to a survey by the Small Business Technology | | | | implementing that plan. "We are not looking for a |
| Institute. Additionally, 74 percent of small | | | | perfect system, but we need to see that you |
| businesses do not even have an information | | | | have taken reasonable steps to protect your |
| security plan. | | | | customer's information." says Broder. |
| Businesses Suffer | | | | Once an information security plan is established, |
| When a customer is a victim of identity theft or | | | | businesses need to ensure their employees |
| data loss, the business suffers along with the | | | | understand what is included in the plan and their |
| victim. Monetary losses of goods and services are | | | | responsibilities for safeguarding information. This is |
| often compounded by chargebacks. Then there is | | | | best accomplished through employee training. |
| the loss of customer trust, and in turn, loss of | | | | Businesses can also consider identity theft |
| customers. According to CIO magazine, after a | | | | protection as a voluntary benefit to help protect |
| breach, 20 percent of customers sever all ties | | | | their employees. |
| with the company, 40 percent say they consider | | | | An effective information security program need |
| doing the same, and another 5 percent will be | | | | not be elaborate or expensive. The key is to take |
| hiring lawyers. | | | | action before identity theft strikes. |
| When data loss and identity theft occur, the | | | | |