There hasn’t been some large scale hacking story in the news, so I guess all identity theft issues have been solved.

Thanks, it’s been real.

Uh, not so fast.

It’s just a matter of time until we’ll hear about another hacking. While the large scale occurrences are the ones that typically make the news, data compromises can happen anywhere and anytime where there is sensitive data stored, including social security information.

With hackings and the like becoming commonplace, they become less newsworthy while the ramifications of the crime remain the same.

The time to take a look at the safeguards you have in place at your business is not when you learn that information has been hacked or compromised.

Much too often we do not hear of businesses taking a proactive response to the threat of identity theft. It is not until information has been compromised that entities then decide to “identify gaps” and place stronger policies or mechanisms in place.

You need to assess those weak access points yesterday.

A good place to start is to address some basic questions including:

• What data do you require that could be deemed “sensitive”?
• Is it vital for your organization to collect this information?
• Where is sensitive data stored?
• How is sensitive data protected?
• How long is sensitive data retained?
• How is sensitive data destroyed?
• Who has access to sensitive data?
• Who is ultimately responsible for monitoring the protection of captured sensitive data?
• Do you have a sensitive data policy that you communicate both internally and externally?

I've posted these nine questions in a one-page document that you can use as a worksheet to get started.