Not a Tech Pro Research member? Sign up for a Free Trial and get access to this content and more for one week.
Identity theft protection policy
- Originally Published:
- Apr 2017
Help protect your employees and customers from identity theft. This policy outlines precautions for reducing risk, signs to watch out for, and steps to take if you suspect identity theft has occurred.
From the policy:
Confidential information, whether kept in electronic or physical format, must be properly secured with access permitted only to authorized individuals. If electronic, it should be stored on systems that are physically locked down, configured with security controls to prevent unwanted access, and kept on encrypted storage media. If physical, it should be kept in secure rooms that are off limits to unauthorized personnel. Any third-party agencies that handle storage of this information should adhere to the same principles.
Do not use confidential data as part of customer account numbers, such as a social security number.
Don’t ask customers for private information (unless no alternative is available), so customers will know that’s standard procedure and can be on the alert for such requests.
Personal and confidential information should never be sent to customers via correspondence, either physically or electronically.
Properly dispose of all confidential data when applicable. If electronic, it should be securely erased from the storage media using methods outlined in Tech Pro Research’s Electronic Data Disposal Policy. If physical, it must be shredded and securely disposed of.
Already a member? Log in here