Identity theft legislation that could put you out of businessBill GuytherIdentity theft legislation Did you know that about 70 percent of all identity theft cases originate from information stolen from a workplace? Companies all across the U.S. are being breached on a daily basis. Privacy Rights Clearinghouse is reporting that since February 2005, nearly 91 million data records of U.S. residents have been exposed due to security breaches. Because of this, the U.S. Congress has implemented and is starting to enforce legislation to try to combat the problem. The premise behind most of these legislations is to get businesses to work harder to protect non-public information. Some of this legislation includes, but is not limited to, the Fair and Accurate Credit Transactions Act, the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the Gramm-Leach-Bliley (GLB) Safeguard Rule—this one specifically names lenders and brokers. These legislations hold businesses accountable if there is a breach that results in the loss of non-public information. Some of the penalties that small businesses face as a result of these laws include but are not limited to fines up to $1 million per occurrence, up to 10 years of jail time for company executives and removal of management. As you can see, this is not something to be ignored because it could literally put a business out of business. In a discussion I had with Scott McQuay, owner of Quail Hollow Financial Services in Charlotte, N.C. about what we can do to get his company in compliance with these laws at no cost, I asked him how many times one of these legislations would have to be enforced on him before it put him out of business. He replied, "Just once." Both the GLB Safeguard Rule and the HIPAA Security Rule require businesses to appoint an information security officer, have a written policy to protect non-public information and provide mandatory training for employees who have access to non-public information. As reported in Business and Legal Reports in January 2006, "One solution that provides an affirmative defense against potential fines, fees and lawsuits is to offer some sort of identity theft protection as an employee benefit. An employer can choose whether or not to pay for this benefit. The key is to make the protection available and have a mandatory employee meeting on identity theft and the protection you are making available, similar to what most employers do for health insurance." How does this help? It's a good faith measure. Betsy Broder of the Federal Trade Commission said, "We will act against businesses that fail to protect their data." She understands that most small businesses cannot be expected to hire full-time privacy specialists, but added that all businesses must be able to show they have a security plan in place. "We're not looking for a perfect system ... But we need to see that you've taken reasonable steps to protect your customers' information." So, why is this important for you—a small-business mortgage broker or lender—to be aware of? The larger companies in our country are investing big dollars into high-end security measures, making it harder and harder for hackers and identity thieves to access their non-public information. So, identity thieves are working more where the information is easier to access. It's kind of like a burglar going into a neighborhood with the intention of breaking into someone's home and five out of the six houses in the neighborhood have security system signs in the yard. Which house do you think he would break into? Obviously, it is easier to follow the path of least resistance and break into the one without the sign. Get a firm understanding of the important legislation discussed in this article. The Federal Trade Commission (FTC) is a great resource with a tremendous amount of information. Visit the FTC's identity theft Web site at www.ftc.gov/bcp/edu/microsites/idtheft. Bill Guyther is an identity theft solutions specialist based in Lowell, N.C. He can be reached at (704) 823-1703 or e-mail [email protected].
About the author