With all the concern about identity theft these days, more and more consumers are trying to understand what information to protect, and how to protect it. The most common advice is to buy a shredder for your home, and subscribe to credit monitoring. These are both great ideas, and will definitely help you protect yourself from identity theft. However, credit monitoring doesn’t fix anything, and you can’t shred the information that is already out there. You can be careful about the information you share and who you share it with, but the bottom line is that we don’t control our own information once we give it out. Maybe the solution is to just say something….
Some believe the answer lies in regulating businesses that collect our information. To this end, there have been several laws put in place such as FACTA, HIPAA, and the Fair Credit Reporting Act. But the laws are only as good as the people who enforce them. Most businesses still don’t understand their responsibilities toward their clients. And data breaches aren’t a major concern to most companies until it happens to them. If the company doesn’t have the money to upgrade their point of sale machine to be compliant with Federal laws, they won’t stop using the machine because they still need to make money. The system upgrades get pushed back a month, and before you know what another year has gone by with no problem and no real reason to worry about there being one. So most companies will not address the issues until they have had a breach, and then of course it’s too late.
The Federal Trade Commission has the job of making sure companies are obeying Data Security laws. They are also responsible for investigating data breaches which are reported on nearly a daily basis and just like any other organization they have limited resources so it is impossible for them to do much more than put out fires.
But as a consumer, you still have plenty of power – a recent visit to a local food bank taught me that. The next week I sat down with the Director of the facility and we had a great conversation about the issues I had brought up. Monday morning, all of the employee’s were brought together for a mandatory training about the food pantry policy toward personal information. Adjustments were made to follow the policies were closely, and your Guide was invited to talk with the Board of Directors, as well as an informal group representing food pantries across the city. All of this, just by pointing out the problems I saw. Overall, it was an exemplary display of being proactive with concerns.
The point is, it doesn’t take an Act of Congress, or the threat of fines and penalties to get business owners to pay attention to protecting personal information, and make no mistake that is how to prevent identity theft, or at least slow it down. Most business owners want to keep their clients happy, and when you tell them something does not make you happy, they will usually try and fix it. This is the true power of the consumer – we all vote with our dollars, and while the government takes what it wants through taxes, businesses know they are competing for our money.
To help prevent identity theft, when you walk into a business, tell somebody if you see a problem. Here’s a short list of key things to look for:
What’s on the desk? What is lying on the desk in front of you? Do you see bank account numbers or social security numbers? Ask yourself if you would be alright when someone else sees your information lying on that desk. If you’re not OK with it, point it out to them. If they don’t care ask to talk to their supervisor.
What’s in the trash? It’s not necessarily fun to do, but it is worthwhile to at least look in a company’s dumpster. The big question is, is it locked? If it is, it may be used to dispose of personal information. Again, ask someone. It’s not hard to cut off a lock, and identity thieves have been known to dumpster dive. If it’s not locked, look inside. CVS settled a class action suit recently, because their stores were throwing sensitive information in the trash for anyone to take. Insurance agents, medical providers, tax preparation companies, all of these have made the news in the past couple of years for improperly disposing of personal information. Tell the store manager. Tell the district manager. Call the corporate office.
Where is the shredder? Is there a shredder anywhere around? If there is, you know the company has at least thought about the problem. This is a big indication that if you tell someone about what you see, something will be done about it, like what happened with the food pantry. If you don’t see a shredder, ask if they have one.
What’s their policy? If you’re going to do business with a company, it’s a good idea to know how they handle your information. This is all covered in a privacy policy, which every company is required to have, and required to give you if you ask for it.
Although it has not hit the scale of a full blown social reform yet, more and more people are looking at things like this and being proactive with how their information is used. Politicians can make laws that Federal courts defang, and Federal agencies cannot enforce, but the real protection will come when everyone pays attention and decides to say enough is enough.
