Identity Theft Resource Guide
Author: Andrew Lang
Identity theft is one of the most rapidly growing crimes in America. In 2012 alone, about 16.6 million U.S. residents were victims of some kind of identity theft, according to the Bureau of Justice Statistics. These crimes can affect anyone: children, teens, adults, seniors and businesses. This page is intended to provide a brief overview of considerations and resources for securing your identity and information.
One of the reasons why identity theft affects so many people is that there are many different ways for identity theft to occur. Some scams have been around for quite a while, including telephone and mail scams, whereas internet scams and hacking represent more recent developments in technology. Two valuable resources that provide links to additional information, statutes, and help resolving identity theft issues, are the Wisconsin State Law Library’s Resource Guide on Identity Theft and the Wisconsin Department of Agriculture, Trade & Consumer Protection’s Office of Privacy Protection.
For Individuals
Some of the most effective ways to avoid identity theft are really simple precautions. Individuals should be mindful about their information, thinking about what information is out there, who has access to it, and where and how it can be accessed. Keeping tabs on your accounts and credit reports will help you keep aware of any suspicious activity. Different measures can help reduce the risk of exposure to certain kinds of scams, but the best defense is to think carefully before you give anyone else access to your information.
Individuals can take steps to avoid telephone scams by putting their home phone numbers on the National Do Not Call Registry or taking an unlisted phone number. It is also wise to avoid mail and online offers that require you to submit information before receiving a “free” gift; these offers frequently result in your information making its way onto marketing lists. The Direct Marketing Association offers preference services for both mail and e-mail that can help you avoid junk messages. For more tips about avoiding junk mail and scams, see the Office of Privacy Protection’s How to Slow the Flow of Unwanted Communications.
Social networking websites also create a large risk of identity theft, especially for children and teens, due to the large amount of personal information that is available through them. As a parent, it is important to talk with your kids about the dangers of identity theft and what level of information is safe to post online. One common method of “hacking” someone’s account is by using a site’s “I forgot my password” feature and using internet searches and social media to identify the answers to an individual’s security questions. For this reason, it is important to not only pick secure passwords and obscure security questions, but also to limit the amount of information available. For more about social networking, see the Wisconsin Bureau of Consumer Protection’s Consumer Facts: Social Networking.
Sometimes individuals’ information can be leaked through a data breach, where the scam artists get information from a business’s records rather than going after an individual. If you are notified that your records may have been part of a data breach, it does not mean your identity has been stolen; however, it does mean you should pay close attention to your credit statements and that you may want to place a fraud alert on your credit report.
For Businesses
Businesses have additional considerations because they need to protect not only their own information but also any information they might have about their customers. As mentioned above, a “data breach” refers to situations where scam artists have illegitimately acquired information about customers from a business’s records. If this happens, Wisconsin Law requires businesses to notify all potential victims of the breach. For more information about this law, see the Office of Privacy Protection’s guide to Wisconsin’s Data Breach Notification Law.
To prevent data breaches or other invasions of customer privacy, businesses should adopt policies to promote information security. This requires assessment of the information the business possesses, both about customers and about the business. It is usually a good policy to keep only the information that is essential and to avoid collecting information that is not necessary, because holding onto a lot of personal information only creates a greater risk. Discarded information should destroyed; paper documents should be cross-shredded or burned and electronic information should be wiped, not just deleted. Good security for businesses requires good policies for information retention, good employee training that stresses the necessity of protecting information, and electronic security measures such as firewalls, password protection, and software for detecting any breaches. This information and more can be found in the Federal Trade Commission’s Protecting Personal Information: A Guide for Business.
One important piece of equipment that may not immediately come to mind is digital photocopiers. Digital photocopiers often store the data that is copied or scanned on an internal hard drive. It is important to investigate a copier’s security features and, if replacing the machine, to make sure the hard drive is overwritten or removed. For more about Digital Copier security, see the Bureau of Consumer Protection’s Copier Data Security: A Guide for Businesses.
What to Do:
If you suspect someone has managed to obtain your information or identity, there are several steps you can take to minimize the damage. An excellent guide to this process is available through the Office of Privacy Protection.
- Notify the three credit reporting agencies immediately and ask for a fraud alert to be placed on your report.
- You may want to follow the fraud alert with a security freeze, which will stay in effect until you decide to lift it and will warn you of suspicious activity.
- File a report with the police and keep a copy for yourself; you may need this report to maintain a fraud alert or security freeze.
- The Office of Privacy Protection can help you work through the various steps of resolving an identity theft if you file an identity theft complaint.
- Warn your creditors of the identity theft, close all your accounts and open new ones. You may also need to do this with your bank accounts.
As a business owner, if you learn of a data breach or loss of information, there are steps you should take as well:
- Immediately disconnect compromised computers from your network.
- Investigate security lapses and take steps to secure vulnerable areas.
- Notify customers of a data breach, per Wisconsin Law. This notice must be provided within a reasonable time after the breach is discovered, which cannot be more than 45 days. Depending on how many people may have had their information taken, the business may be required to notify the consumer reporting agencies.
Andrew Lang is a library intern at Axley. For more information on resources regarding identity theft, please contact our librarian, Jane Crandall, at jcrandall@axley.com or 608.283.6739.
To subscribe to email alerts from Axley Law Firm, click here.