Kroll Cyber Security Blog – A Dialogue on Data Security

A frequent comment that our Licensed Investigators hear is, “I don’t know how I became a victim of identity theft – I shred everything!”

While a good crosscut paper shredder is a very important tool in the disposal of personal identifying information (PII), the reality is there is no one-step practice to reducing the chance that you’ll become a victim. Similarly, although a regular review of your credit report for activity that you don’t recognize is another helpful tool, the vast majority of fraudulent activity – as much as 80 percent – will never appear on a credit report.

Businesses often request a lot of personal identifying information (PII) from their customers. Quite often, these are legitimate requests intended to facilitate a business transaction. But there are many organizations that don’t practice sound data minimization tactics and gather all sorts of unnecessary information from customers. For instance, businesses often request Social Security numbers (SSN) as a matter of routine. The question is: does the business have a legitimate need for the SSN?  If so, what policies and procedures are employed to protect this customer data?

One of the most popular New Year’s resolutions involves putting oneself on a diet – but perhaps consumers should really consider a “data diet.” Kroll strongly advises both its corporate clients and consumers to practice data minimization to dispose of old, outdated or unused data. The practice is important to data security because thieves can’t steal what you don’t have. It’s a great “exercise” for consumers, too, because everyone has a tendency to unnecessarily gather and carry plenty of paperwork, emails, and other items that hold sensitive personal information – items that serve no other purpose than as a liability for theft or loss.