Kroll Fraud Solutions Blog – A Dialogue on Data Security

Tomorrow is Data Privacy Day, an annual celebration to “raise awareness and generate discussion about information privacy,” according to The Privacy Projects, the nonprofit organization dedicated to facilitating the role of consumer privacy and data protection.

Officially recognized by both the U.S. Senate and House of Representatives, Data Privacy Day is observed nationally and worldwide. Events are scheduled not only for January 28th, but through the month of February and are designed to be an opportunity for dialogue amongst all stakeholders – businesses, consumers, government agencies, and academics. The official  website contains lots of educational material for businesses and consumers alike from Data Privacy Day sponsors: http://dataprivacyday2010.org.

There are the perennial scams, such as the emails that look like they came from your bank, and then there are the “scam of the day” varieties, which take advantage of big, recent news that people might not be fully aware. An otherwise savvy consumer might be more vulnerable to this type of scam, because it takes advantage of the element of surprise in a sometimes very convincing way. Recent events – such as government rebate or incentive programs, H1N1 flu vaccinations, and now the 2010 Census – are prime targets for these convincing scams.

Millions of people have an online presence through various social networking sites and other communication channels – the ease with which you can share and find information attracts a lot of consumers and businesses alike. Of course, this also attracts scammers and identity thieves. A business that engages consumers through social media channels will most likely have a social media policy for employees. In the same vein, consumers should develop their own social media policies. Setting rules and guidelines before going online is a deterrent to making mistakes that can divulge sensitive information or personal identifying information (PII).

A frequent comment that our Licensed Investigators hear is, “I don’t know how I became a victim of identity theft – I shred everything!”

While a good crosscut paper shredder is a very important tool in the disposal of personal identifying information (PII), the reality is there is no one-step practice to reducing the chance that you’ll become a victim. Similarly, although a regular review of your credit report for activity that you don’t recognize is another helpful tool, the vast majority of fraudulent activity – as much as 80 percent – will never appear on a credit report.

Businesses often request a lot of personal identifying information (PII) from their customers. Quite often, these are legitimate requests intended to facilitate a business transaction. But there are many organizations that don’t practice sound data minimization tactics and gather all sorts of unnecessary information from customers. For instance, businesses often request Social Security numbers (SSN) as a matter of routine. The question is: does the business have a legitimate need for the SSN?  If so, what policies and procedures are employed to protect this customer data?