Identity theft legislation that could put you out of businessBill GuytherIdentity theft legislation
Did you know that about 70 percent of all identity theft cases
originate from information stolen from a workplace? Companies all
across the U.S. are being breached on a daily basis. Privacy Rights
Clearinghouse is reporting that since February 2005, nearly 91
million data records of U.S. residents have been exposed due to
security breaches. Because of this, the U.S. Congress has
implemented and is starting to enforce legislation to try to combat
the problem. The premise behind most of these legislations is to
get businesses to work harder to protect non-public
information.
Some of this legislation includes, but is not limited to, the
Fair and Accurate Credit Transactions Act, the Health Insurance
Portability and Accountability Act (HIPAA) Security Rule and the
Gramm-Leach-Bliley (GLB) Safeguard Rule—this one specifically
names lenders and brokers. These legislations hold businesses
accountable if there is a breach that results in the loss of
non-public information. Some of the penalties that small businesses
face as a result of these laws include but are not limited to fines
up to $1 million per occurrence, up to 10 years of jail time for
company executives and removal of management. As you can see, this
is not something to be ignored because it could literally put a
business out of business.
In a discussion I had with Scott McQuay, owner of Quail Hollow
Financial Services in Charlotte, N.C. about what we can do to get
his company in compliance with these laws at no cost, I asked him
how many times one of these legislations would have to be enforced
on him before it put him out of business. He replied, "Just
once."
Both the GLB Safeguard Rule and the HIPAA Security Rule require
businesses to appoint an information security officer, have a
written policy to protect non-public information and provide
mandatory training for employees who have access to non-public
information. As reported in Business and Legal Reports in January
2006, "One solution that provides an affirmative defense against
potential fines, fees and lawsuits is to offer some sort of
identity theft protection as an employee benefit. An employer can
choose whether or not to pay for this benefit. The key is to make
the protection available and have a mandatory employee meeting on
identity theft and the protection you are making available, similar
to what most employers do for health insurance."
How does this help? It's a good faith measure. Betsy Broder of
the Federal Trade Commission said, "We will act against businesses
that fail to protect their data." She understands that most small
businesses cannot be expected to hire full-time privacy
specialists, but added that all businesses must be able to show
they have a security plan in place. "We're not looking for a
perfect system ... But we need to see that you've taken reasonable
steps to protect your customers' information."
So, why is this important for you—a small-business
mortgage broker or lender—to be aware of? The larger
companies in our country are investing big dollars into high-end
security measures, making it harder and harder for hackers and
identity thieves to access their non-public information. So,
identity thieves are working more where the information is easier
to access. It's kind of like a burglar going into a neighborhood
with the intention of breaking into someone's home and five out of
the six houses in the neighborhood have security system signs in
the yard. Which house do you think he would break into? Obviously,
it is easier to follow the path of least resistance and break into
the one without the sign.
Get a firm understanding of the important legislation discussed
in this article. The Federal Trade Commission (FTC) is a great
resource with a tremendous amount of information. Visit the FTC's
identity theft Web site at www.ftc.gov/bcp/edu/microsites/idtheft.
Bill Guyther is an identity theft solutions specialist based
in Lowell, N.C. He can be reached at (704) 823-1703 or e-mail
[email protected].
