Identity theft is one of the fastest-growing crimes in the United States. However, business owners need to be aware that consumers are not the only victims of identity theft efforts. Thieves target small businesses and large corporations to steal information for identity theft. A Willcox lawyer can help you protect your business from identity theft and respond to litigation regarding breaches and failure to protect client and customer information. Ways to protect a business from identity theft include:
Policies for Collecting Personal Information
Review your policies for asking clients or customers for their personal information. Limit the personal information you gather. If you do not need birth dates, Social Security numbers, and other information, don’t ask for it. Instruct employees on the proper procedures for gathering personal information, such as never doing so when others can hear and turning computer screens so they cannot be viewed by anyone else.
Protect the Personal Information You Gather
There are several steps necessary to secure the personal information a business collects. Restrict access to personal information. Only employees who need the information should have access. Vendors and customers should be limited from accessing areas that contain the personal information of customers, clients, and employees.
Secure personal information on computers and in the office. Computers should have the most advanced and current software to prevent hacks and data breaches, including spyware, firewalls, encryption software, and anti-virus software. Limit employees’ ability to access websites that are unrelated to your business. Also, restrict or prohibit an employee’s ability to download documents, images, or other data from the internet. Require multi-factor authentication to access computers and laptops.
Keep file cabinets and other physical storage methods locked. Limit access to documents containing personal information and the areas where the documents are stored.
Do not email or mail documents containing personal information to clients or customers. If you must include personal information, only include enough information for the client or customer to identify their personal information (i.e., the last four digits of a Social Security number).
Address when and how to provide personal information to third parties. Require that all third parties who receive personal information comply with privacy laws. Ask for background checks for third-party vendors who enter your company routinely.
Destroy Personal Information When No Longer Needed
Destroy documents and computer files containing personal information when it is no longer needed or required to be stored. Old documents should be destroyed using a cross-cut paper shredder as a minimum. Destroy old backups and computer disks. Before disposing of a computer or hard drives, wipe them clean with special software or magnetic cleaning, even if you will physically destroy the drives and device.
Develop a Data Breach Response Plan
Talk with our South Carolina business attorneys to ensure you understand your obligations and legal responsibility for protecting personal information. Additionally, ensure you understand the legal requirements for a data breach response plan. Your plan must comply with the law and offer your clients and customers as much protection and transparency as possible.
Learn More During a Free Consultation With Our South Carolina Business Attorneys
We are committed to helping you protect the business you built. Contact our law firm to schedule a free consultation with one of our South Carolina business attorneys. We offer a wide range of legal services for business owners.