Identity theft is one of the fastest growing crimes in the U.S. It occurs when someone steals your personal information, which can include your social security, driver's license and credit card numbers and so on. Entities that have had their databases compromised include the Department of Veteran's Affairs and University of Texas School of Business. The common fear among victims is that these thieves will use their personal data to access bank accounts, open new credit cards, obtain long distance calling accounts or take out loans.
In an effort to help fight identity theft, Congress added new sections to the federal Fair Credit Reporting Act (FCRA) when it passed the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Privacy, limits on information sharing, consumer rights to disclosure and accuracy are all addressed.
An Overview of FACTA:
- To self-monitor their credit history, consumers may obtain free copies of their credit report annually at www.annualcreditreport.com or by calling 877-322-8228.
- Businesses must leave off all but the final five digits of a credit card number on printed store receipts.
- Employers must destroy all information obtained from a consumer credit report before discarding it.
- Consumers who suspect they are the victims of identity theft need only to notify one of the three credit reporting services (Experian, TransUnion and Equifax) to initiate a nationwide fraud alert.
- Mortgage lenders must provide the credit score they use to determine a loan's interest rate, regardless of loan approval.
- Companies must provide training for their employees and document when it was completed. It should outline what the consequences are for any violations.
Reasonable measures of destruction of personal information include:
- Burning, shredding or pulverizing documents so they become impossible to put back together or read.
- Erasing electronic files that contain any consumer reports so they cannot be recovered.
After reviewing company practices to ensure that they are designed to reasonably protect personal information, some companies are hiring outside firms that specialize in destroying personal records.
- Civil liability - An employee can recover actual damages sustained if their identity is stolen from an employer. Or an employer could be liable for statutory damages up to $1,000 per employee.
- Class action lawsuits - If a large number of employees are impacted, they may be able to bring class action suits and obtain punitive damages from employers.
- Federal fines - An employer can be fined up to $2,500 per violation.
The law applies to any business that collects personal information or consumer reports about customers or employees to make decisions within their business. This most definitely applies to real estate brokerage offices. All records should be stored in a secure method so as to protect all personal data relating to agents and most definitely data pertaining to clients. Look at the next step in protecting your company from potential liability.
According to the FTC, a reasonable plan for a company to safeguard personal information includes:
- Designating an employee to coordinate and be responsible for the security program.
- Identifying material internal and external risks to the security of these personal data.
- Designing and implementing reasonable safeguards to control the risks identified in the risk assessment.
- Continually evaluating and adjusting the security plan in light of the results of ongoing monitoring and testing of the program, material changes to business arrangements.
- Creating a mitigation plan that kicks in when there is a privacy or security breach and there is a need to "repair it" immediately in the eyes of customers, government regulators and management.
Private individuals can take the following safeguard steps to protect their identity from theft:
- Burn or shred any financial papers, mail or credit reports that contain personal information. Never recycle that paper.
- Call 1-888-5OPT-OUT and request that credit card companies stop sending pre-approved credit card applications. Also, ask your credit card companies to stop sending you "convenience checks". These are sent monthly by your credit card companies and your contact to cancel these will most realistically need to be a monthly phone call until the message is implemented. In other words, keep after them until you get resolution.
- Invest in a shredder that can destroy credit cards, CDs and staples.
- Delete any e-mail that asks for personal information and instruct your employees and family members to do the same.
- Hang up on any telemarketers who ask for your personal information. Instruct your family members to do the same.
- Limit the number of credit cards you hold, both business and personal. Review your monthly statements, financial records and bank statements as soon as they arrive. The sooner you report a suspicious incident the better.
- Companies should advertise their privacy policies on their website.
- Use credit cards instead of debit cards. $50 is your maximum liability for credit cards.
Food For Thought:
Statistics show that if there is a security breach, 20% of your customers will no longer do business with you, 40% consider not doing business with you and 5% hire an attorney to sue your company.
For additional information, visit www.ftc.gov or call 877-FTC-HELP.
Owner and President,
Champions School of Real Estate