Kroll Fraud Solutions Blog – A Dialogue on Data Security

A frequent comment that our Licensed Investigators hear is, “I don’t know how I became a victim of identity theft – I shred everything!”

While a good crosscut paper shredder is a very important tool in the disposal of personal identifying information (PII), the reality is there is no one-step practice to reducing the chance that you’ll become a victim. Similarly, although a regular review of your credit report for activity that you don’t recognize is another helpful tool, the vast majority of fraudulent activity – as much as 80 percent – will never appear on a credit report.

Businesses often request a lot of personal identifying information (PII) from their customers. Quite often, these are legitimate requests intended to facilitate a business transaction. But there are many organizations that don’t practice sound data minimization tactics and gather all sorts of unnecessary information from customers. For instance, businesses often request Social Security numbers (SSN) as a matter of routine. The question is: does the business have a legitimate need for the SSN?  If so, what policies and procedures are employed to protect this customer data?

One of the most popular New Year’s resolutions involves putting oneself on a diet – but perhaps consumers should really consider a “data diet.” Kroll strongly advises both its corporate clients and consumers to practice data minimization to dispose of old, outdated or unused data. The practice is important to data security because thieves can’t steal what you don’t have. It’s a great “exercise” for consumers, too, because everyone has a tendency to unnecessarily gather and carry plenty of paperwork, emails, and other items that hold sensitive personal information – items that serve no other purpose than as a liability for theft or loss.

On Monday, January 18, 2010, Kroll Fraud Solutions will post the first in our series of data security tips for consumers. The tips are part of our effort to make data security a New Year’s resolution for all consumers.

There are many ways that individuals can safeguard their sensitive personal information. Check back next week, and in the future, for helpful tips and advice.

Planning on launching that new corporate social media initiative this year? While this has the potential to be a boon opportunity for many companies, it is important to remember that it opens up new and dangerous avenues for fraudsters to siphon sensitive PII and UBI. Any employees involved in directly engaging customers through social media outlets must be trained to recognize and avoid potential scams and to never divulge information such as passwords, logins, or the like. Outlining in the company’s social media policy – specifically what types of PII or UBI can and cannot be divulged – will also help employees understand the parameters of this new communications channel.