Identity Theft is the fastest-growing crime in America and it is destined to get worse before it gets better. How do we know? Just look at the facts here in Alabama.
The Federal Trade Commission complies statistics every year regarding identity theft complaints per 100,000 residents. In 2007, Alabama ranked#37 nationally. We rose to #35 in 2008 and in 2009, we were #27. According to the March 11, 2011 issue ofThe Birmingham Business Journal, Alabama had risen to #15 nationally in identity theft complaints. To move from #37 to #15 may be great for college football teams, but with identity theft complaints it means we are going the wrong way!
How does this impact Big "I" insurance agency members? It has a monumental effect on the way we do business in the present day as well as moving forward.
In 2003, Congress passed the Fair & Accurate Credit Transactions Act (FACTA). There are two key components to this legislation. First, it required that every American have the opportunity to receive a free copy of his/her credit report once a year from each of the three credit reporting agencies. Second, any businesses that accepted debit or credit cards were required to "truncate the numbers," that is "xxxx" out all but the last four digits on the cards/ receipts along with the expiration date.
The section of the legislation affecting agencies is this... effective July 1, 2005, every business owner-whether public or private, for profit or non-profit, or employing any number of employees - must be taking "reasonable measures" to insure that non-public information is not compromised. If a customer, client, vendor, contractor, employee or prospective employee can trace the theft of their identity to your agency, you could incur serious liability.
Furthermore, in the last few years, the FTC added the "Red Flags Rule." This stipulates that any business running credit on another individual or business is required to supply training for all employees regarding the handling of sensitive and non-public information. The deadline for implementation of this training was December 31, 2010.
This by no means states that all agencies need to undergo Identity Theft Risk Management Training with specific emphasis on the Red Flags Rule. First, if your agency runs credit on individuals and/or businesses as part of your daily functions, you might want to check into whether or not this training applies to you and your employees. Second, even if it not required by law, doesn't it just make good business sense to train all your employees on the handling of personal identifying information that could compromise someone's identity and discuss your course of action if the unthinkable did occur?
Here are some items to think about to protect your clients' personal data:
How are your files stored? Do the files that need to be secured have locks on them? Are you logging off of computers before leaving the office for lunch, going to the restroom, leaving at the end of the day? Is your website secure and or encrypted? Are your emails encrypted? Who empties trash cans every evening? Are those individuals trustworthy? Are sensitive items discarded appropriately?
These are just common sense tactics that can go a long way to insure the safety of information in your agency. When was the last time you trained your employees in this area of identity theft risk management? Make a point to do so before the end of the year.
This article is written by Jimmy Parrish of TBG Fraud Solutions in Birmingham. Jimmy is a Certified Identity Theft Risk Management Specialist. A 12-year veteran of the identity theft industry, he is an Associate Member of AIIA and offers identity theft risk management train to business accounts of all sizes in 27 states. Contact Jimmy at 205.585.8595.