Identity Theft does not occur serendipitously. 

There are many points of responsibility.

Let’s examine these areas:

1. Your personal information. 

            Yep, if you are a person, you have identifying information – this covers everyone. So, invest in yourself throughout your life in a positive way. Do this so that you want to continue to identify as you and only you and don’t become a criminal in the future stealing someone else’s identity, including mine (thanks!).

2. Where you store personal information.

            Where do you store the personal information that you have control over? Personal information includes social security number, date of birth, address, financial information (credit card, bank, etc.). Do you store this sensitive data in a locked filing cabinet or drawer, a safe, etc.? You are responsible at this point for making sure that your information and dependent’s information is kept in a safe place. What might not be a safe place? Top of refrigerator, in a pile, thrown in the trash (without shredding), vehicle, a computer – yes, I would categorize a computer as not a safe place. You must be very diligent in how you store information on the computer. Good rule of thumb – if it is on the computer, the whole world may be able to access the information. 

3. With whom do you share personal information?

            If you remember nothing else – remember this – just because an official looking document, or an official looking person, or an official looking place asks you for your (or your dependents) social security number – DOES NOT MEAN TO HAND IT OVER. (Side note – When we see stories about identity theft there is inevitably a picture of a scary masked person hunched over a computer in a dark room looking up to no good. Well, guess what. Nice looking people and places can steal your identity too – or at least not be protecting it as they should.) While there are many places that will ask you for personal information, that DOES NOT MEAN IT IS REQUIRED. (Then why do they ask for it? Because they can. Not because they should.) So, always – ALWAYS – ask why the personal information is required (chances are, it’s not). Better yet, do your homework and decide if the entity must be provided the information.

4. Who collects personal information?

We’ll term “an entity” as many things here – business, doctor’s office, school, non-profit, hotel, church, etc. When an entity asks for personal information, it had better be necessary. If necessary, mechanisms and protocol to protect the personal information it has now assumed responsibility must also be in place.  

5. When personal information is compromised, who suffers?

If personal information that an entity holds is accessed fraudulently that simply means that the appropriate safeguards were not in place – otherwise, the information would not have been accessed. Guess what an entity loses? The ability to call themselves a victim. Here, the true victims are the people who entrusted their information only to find themselves at risk. Instead, an entity can explore the definition of accessory to a crime.

6. When do you break the news?

If and when personal information that an entity has is compromised, report it immediately. Three months down the road to favor your timeline of preferred events so that you can plan which ala carte of canned response to the crisis is not immediately.   

7. Practice safeguards on both sides of the transaction.

This is a biggie. Read this one twice. Not only should an entity closely monitor the personal information it has, it should vet the personal information it receives during a transaction. Stolen personal information has no value to a criminal if it cannot be used to access goods and services. 

Integrating the latest in technology into the stream of the engagement process (with customers) – including point-of-sale –without any understanding of the technology itself can infinitely increase the chance of personal information being accessed and fraudulent personal information being used.

photo by Marta Tycinska