August 14, 2014

Identity Theft Penalty Enhancement Act: What Every Company Needs to Know

Did you know that identity theft was the top Federal Trade Commission complaint registered by consumers?

Of the over two million complaints received in 2013, 290,056, or 14%, were identity theft related. American consumers reported losing over $1.6 billion to fraud in 2013.

Identity theft has actually been a problem for years.  

“For decades, fugitives have changed identities to avoid capture, and check forgers have assumed the identity of others to negotiate stolen or counterfeit checks,” said Dennis Lormel of the FBI in testimony from 2002 to the Senate Judiciary Committee in Washington. “Advances in computer hardware and software along with the growth of the Internet has significantly increased the role that identity theft plays in crime.”

Lormel was testifying in support of an amendment to the Federal Criminal Code called the Identity Theft Penalty Enhancement Act.

While identity theft already was a federal crime, the Identity Theft Penalty Enhancement Act would impose harsher punishments on convicted identity thieves, targeting those committing the theft but also potential users of stolen information in committing their own fraud.

When the Act was passed, it added two years to prison sentences for criminals convicted of using stolen credit card numbers and other personal data to commit crimes (“knowingly transferring, possessing, or using, without lawful authority, a means of identification of another person” during or in relation to specific felony violations). Also, it added five extra years to sentences of violators who used stolen personal data to commit terrorist offenses.

Because the Identity Theft Penalty Enhancement Act was created as a deterrent to identity thieves, there are no compliance regulations for businesses. However, there are safeguards that all workplaces can put in place to reduce the risk of identity theft.

What’s important to know in this case is that research has shown that workplace insiders are often to blame for data breach and identity theft incidents. Insider theft in 2013 increased 80% compared to 2012 figures according to the Identity Theft Resource Center. The number of data breaches attributed to employee error/negligence increased in 2013 by 72.7%.

How can a workplace keep private information private? Here are some guidelines:  

  1. Implement information security policies to ensure secure storage of sensitive information.
  2. Provide regular employee training in secure document handling and destruction. 
  3. Conduct security assessments to identity potential security risk areas. To identify threats in your workplace, take this online risk assessment.
  4. Utilize information protection tools on all computers.
  5. Introduce a comprehensive document management policy that tracks information from creation to destruction. Don’t keep information that you don’t need to keep.
  6. Limit access to personal information, and introduce protocols for sharing and disclosing information.
  7. Partner with a knowledgeable shredding company that provides a secure chain of custody including locked consoles for information that needs to be destroyed, and a certificate of destruction after every shred. The shredding company should provide secure hard drive destruction as well.
  8. Introduce a shred-all policy so that all information is destroyed when it is no longer needed. This simplifies the destruction process and reduces the risk of employee error.

Learn more about the Identity Theft Penalty Enhancement Act and ensure your business is in compliance.