The Gateway to Education, Information and Technology

Information Compromise and the Risk of Identity Theft: Guidance for Your Business

W-9 and social security numbers
Information Compromise and the Risk of Identity Theft: Guidance for Your Business
These days, it is almost impossible to be in business and not collect or hold personally identifying information — names and addresses, Social Security numbers, credit card numbers, or other account numbers — about your customers, employees, business partners, students, or patients. If this information falls into the wrong hands, it could put these individuals at risk for identity theft. http://www.ftc.gov/bcp/conline/pubs/buspubs/idtrespond.htm

Illinois; Personal Information Protection Act. Provides that any data collector that owns or uses personal information in any form, whether computerized, paper, or otherwise, that includes personal information concerning an Illinois resident shall notify the resident that there has been a breach of the security of the system data following discovery or notification of the breach, without regard for whether the data has been accessed by an unauthorized third party for legal or illegal purposes. Provides that the notification required pursuant to the Act may be delayed if a law enforcement agency determines that the notification may impede a criminal investigation. Amends the Consumer Fraud and Deceptive Business Practices Act. Provides that a violation of the Personal Information Protection Act is a violation of the Consumer Fraud and Deceptive Business Practices Act.

Are you complying with the FACT Act? The Federal Trade Commission’s new rule requires businesses to take appropriate measures to dispose of sensitive information derived from consumer reports and outlines specific methods for destroying the information. According to the rules: “any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule.” Read more about this special provision in the Fair and Accurate Credit Transaction (FACT) Act in an FTC Business Alert. http://www.ftc.gov/bcp/conline/pubs/alerts/disposalalrt.htm
FACT Act sheet published by NAR: http://www.realtor.org/fedistrk.nsf/files/dispruleqa.pdf/$FILE/dispruleqa.pdf

The Safeguard Rule/GLB Act: http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.pdf

Example Of Types Of Personal Information That Should Be Protected

· Social Security Number
· Financial Information (Such as credit cards and bank account information)
· Medical History
· Employment Records
· Credit Reports
· NRDS Identification Number
· State Real Estate License Number
· Home Address and Phone Number
· State Driver’s License Number
· Date of birth, place of birth
· Fingerprints
· Mother’s maiden name