It is almost impossible to be in business and not collect or hold personally identifying information — names and addresses, Social Security numbers, etc., about your customers, employees or patients. If this information is lost or stolen, it could put these individuals at risk for identity theft.
However, not all compromises of personal information result in identity theft. The type of personal information compromised can significantly affect the degree of potential damage. What steps should you take and whom should you contact if personal information is compromised? Answers vary depending on the situation; however, the following information can help you make smart, sound decisions. Check federal and state laws or regulations for any specific requirements for your business.
Here are three important steps to take when you first realize your business has encountered a data security breach.
- Notify law enforcement - When the compromise could result in harm to a person or business, call your local police department immediately. Report your situation and the potential risk for identity theft.
- Notify affected businesses - Information compromises can affect other businesses, such as banks or credit issuers. If names and Social Security numbers have been stolen, you can contact the major credit bureaus for additional information or advice.
- Notify individuals - Generally, early notification to individuals whose personal information has been compromised allows them to take steps to mitigate the misuse of their information. If SSNs have been compromised, individuals should follow the recommendations outlined by the Taxpayer Guide to Identity Theft.
Other resources for businesses facing a data security breach.
- The Federal Trade Commission, the nation's consumer protection agency, provides guidance to businesses regarding information compromise.
- The IRS also provides information on safeguarding taxpayer data and victim assistance.