Monday, June 27, 2005

Employer ID Theft Prevention Tip

Effective earlier this month (6/1/05), any business or
employer that uses consumer information derived from a
credit report directly -or- indirectly must now meet
tougher standards for proper disposal.

Failure to dispose of discarded consumer information
in a way that will keep it out of the hands of
identity thieves, can result in substantial fines &
liability:

  • Civil liability. An employee whose identity is
    stolen as a result of an employer's failure to comply
    with the new rule could be entitled to recover actual
    damages sustained — or the employer could be hit with
    statutory damages of up to $1,000 per employee.
  • Class action. If large numbers of employees are
    affected, they could file a class action lawsuit under
    the new rule, and could be awarded punitive damages
    from their employer.
  • Federal and state fines. An employer could be
    fined up to $2,500 for each violation by the U.S.
    government. In addition, states can fine up to $1,000
    for each violation.

According to the Federal Trade Commission, the FACT
Act requires any business -or- employer (even if only
person is employed) must "take reasonable measures" to
protect against unauthorized access to or use of the
consumer information in connection with its disposal.

In case you're wondering what "reasonable measures"
might include, the Disposal Rule specifies three
possible ways to comply:

  1. Burning, pulverizing, or shredding of physical
    documents
  2. Erasure or destruction of all electronic media
  3. Entering into a contract with a third party
    engaged in the business of information destruction
    Many small business owners are referring to the new
    rule as the "shredder law".

The key learning on the FACT Act is that it opens up a
much wider definition of who is now responsible to
safeguard consumers against identity theft.

For example, you can be sued for a $1,000 by an angry
nanny whose identity data was plucked from your trash
simply because you had not invested in a $50 shredder
to properly dispose of her personal credit
information.

Or if you're that nanny (and any employee of a business), demand the right to have your personal credit information or derivatives shredded to protect you from identity theft.

It's now the law!