Guide helps businesses protect your privacy
The New York State Consumer Protection Board has issued its first "Business Privacy Guide: How to Handle Personal Identifiable Information and Limit the Prospects of Identity Theft."
The Business Privacy Guide and additional information about privacy, data breach, security freeze and other identity theft related materials may be found on the CPB’s website at www.nysconsumer.gov along with other consumer and business tools, including training materials on Do Not Call compliance for business.
Many businesses collect and retain sensitive personal information such as names, addresses, Social Security numbers, credit card and other account numbers. New laws at the federal and State levels make it imperative that businesses protect such personal information and limit retention and usage, CPB officials said. So as part of Identity Theft Awareness Week, it issued the guide.
Identity theft is the most common consumer fraud complaint in the United States affecting approximately ten million Americans and costing businesses more than $40 billion each year. According to the Michigan-based Ponemon Institute’s 2007 Annual Study: "Cost of Data Breach," the average data breach today will cost a business $192 per incident, and 33 percent of consumers surveyed stated that they would cut ties with a company that had a data breach.
The Guide provides key information and guidelines for business, among which are:
Develop a written privacy plan for your business.
Do not collect or retain any personal information that does not have a legitimate business purpose.
Limit access to personal information to those who need it for a legitimate business purpose.
Restrict the collection, use and retention of Social Security numbers to help prevent the unauthorized exposure of personal information in the event of a data breach.
Never post an employee’s or a customer’s Social Security number or print it so it’s visible on an identification badge, time or membership card.
Remove the expiration date and all but the last five digits of credit card numbers from customer receipts.
Lock papers, documents, disks and files containing personal identification information.
Install firewalls, anti-virus and anti-spyware software to secure networks and computers.
Password-protect laptops and encrypt sensitive information.
Prepare for a data breach by planning ahead.
Develop a communications strategy in case of a breach.
Learn New York State, federal and other State privacy laws if you do business with them.
Require new employees to read and understand your written privacy plan.
Institute regular training on privacy policies.
Compel contractors to adhere to the same privacy policies and practices of your business.
The CPB, established in 1970 by the state Legislature, is the state’s consumer watchdog and think tank. The CPB’s core mission is to protect New Yorkers by publicizing unscrupulous and questionable business practices and product recalls; conducting investigations and hearings; enforcing the Do Not Call law; researching issues; developing legislation; creating consumer education programs and materials; responding to individual marketplace complaints by securing voluntary agreements; and, representing the interests of consumers before the Public Service Commission and other State and federal agencies.
To file a consumer complaint with the NYS Consumer Protection Board (CPB), call our toll-free hotline at 800-697-1220 or visit CPB’s website at www.nysconsumer.gov.
On the net: www.nysconsumer.gov