I recently attended a seminar, sponsored by a local commerce organization, on identify theft. I believe I had a good understanding of what identify theft is and some of the precautions I have to take to minimize risks. Those precautions included guarding my personal information and not giving it out unnecessarily, using secure communications and computer systems, and even shredding anything that contains contact and personal information when disposing of documents. 
What the speaker helped me realize as a real estate professional and a business person -- one who acquires, stores, uses or has access to any kind of identity information -- is the extent of my personal and company's liability exposure for identity theft involving other individuals' information in which I have come in contact or still have in my possession. Recent tough federal (and state) laws can result in heavy fines, civil penalties and even imprisonment for those found with inadequate (not being in proper compliance for) identity information protection.
Important federal identity information protection laws that you need to know and for which you and your business must be in compliance:
F.A.C.T.A. (see also FACTA Basics and FDIC regarding FACTA) FACTA stands for Fair and Accurate Credit Transactions Act. It covers the right to access your credit information once a year, but also requires businesses to properly protect and dispose of identify information that they have in their possession. If you have employees or customers, then this directly impacts you, as the owner or executive of your business, holding you personally liable for failure to properly protect identity information.
The Disposal Rule section of FACTA, now law, was designed to minimize the risk of identity theft and consumer fraud, It states that any person who maintains or otherwise possesses consumer or employee information for a business purpose is required to properly dispose of the information. This includes information used, or expected to be used, to establish eligibility for credit, insurance, or employment. In addition, all information contained in or derived from consumer reports and records must be properly disposed to protect against unauthorized access to or use of the information. (See also Inc.com's article about what it means for business.)
HIPPA (Health Insurance Portability and Accountability Act) Security Rule - if you are, anyone you know, is involved in the healthcare industry, you all know first-hand the importance of protecting personal information of patients and the angst and difficulty it entails to properly comply; but this also impacts anyone who has personnel that work for them if maintaining any type of healthcare related records, including making payments, coordination of benefits, etc. (See also APA's HIPPA Security Rule Primer, Security Rule in Federal Register, AHA and HIPPA.)
Gramm, Leach, Bliley Safeguard Rule, enforced by the Federal Trade Commission, requires financial institutions (this even includes education institutions) as well as those that use financial information to have a "Safeguard" security plan to protect the confidentiality and integrity of personal consumer information. (See also Wikipedia - Safeguards Rule and EDUCAUSE's GLB page). For example, according to the FTC, here is a partial list of those who must comply (regardless of whether large or small):
- Consumer reporting companies
- Lenders
- Insurers
- Employers
- Landlords
- Government agencies
- Mortgage brokers
- Automobile dealers
- Attorneys or private investigators
- Debt collectors
- Individuals who obtain a credit report on prospective nannies, contractors, or tenants
- Entities that maintain information in consumer reports as part of their role as service providers to other organizations covered by the Rule
The FTC has a national Identity Theft Resources site that is a one-stop resource to learn about the crime of identity theft and provides detailed information to help you Deter, Detect, and Defend against identity theft. It is also a resource for consumers, businesses, law enforcement, and the media – with access to specific laws, contact information, and resources from state and federal government agencies. (See also NAR's related page.)
Some additional information on these and other regulations can be found at the following information services providers:
Omnirim.com White Papers
Recall.com GLB and other regulations
Also, from the ABA: FTC Facts For Business - Information Compromise and the Risk For Business (PDF);
ABA Technology Report: Identity Theft: Reducing Your [Personal] Risk
NOTE: In addition to federal ID theft laws, many states (e.g., click here for article about state laws in the Delaware Valley) have also established their own Identity Theft regulations that may be tougher for compliance than federal laws.
Visit my web site for real estate services and support: LawrenceYerkes.com
and visit Besthomes-NJ.com to find the latest New Jersey Real Estate property listings (Residential, Commercial, Multi-Family, Farm, Land).
Copyright 2006 by Timon, Inc. All Rights Reserved.
