Theft Awareness Increasing In Santa Cruz County
Santa Cruz Records
Susan Tossy - Santa Cruz Records Management
FACTA disposal rule came into affect on June 1st of this year and many businesses
are starting to realize that identity theft is a serious issue. The fact that
there are now provisions for law suits and fines seems to be a motivating factor
as well. But there are still the hold outs. The businesses that say "we just
don't shred" or "we just throw our stuff in the recycle bins".
With all of the coverage on increased identity theft (1 in 10 people will be a
victim this year, presumably more) we are still amazed to hear statements like
A year ago it was not uncommon for us to get the "cold shoulder"
when we tried to educate local businesses on the increasing issues of identity
theft, proper storage and disposal of sensitive material. Attitudes have really
changed in a very short time as awareness increases. Now we get a warm reception
at 9 out of 10 businesses, in fact local businesses are seeking us out for information
and services. We are also being asked to give presentations to local businesses,
organizations and networking groups. Not only do we let people know about our
record storage and document shredding service, we educate them on the new laws,
local news stories, helpful government websites and available publications. Sharing
our own continuing education with the local community has been (and continues
to be) a rewarding experience.
In addition to serving the business community,
our "walk in" business has been steadily on the rise as awareness increases.
We receive calls daily asking if we "do paper shredding for individuals"
or "do you shred personal stuff?" Not only do we shred paper for individuals,
it is CHEAP & FAST! You can bring it in, we run it through and you are on
your way. Walk in business has gone from 1 or 2 a week to an average of 5 people
a day. We get people from all over Santa Cruz County, many with stories of identity
theft, either themselves or someone they know.
Being aware of the problem
is a start, taking action to protect your personal information and that of your
customers should be a priority.
Ways to Keep Your Companies Information Secure
Your Employees Are Your First Line of Defense
Tossy - Santa Cruz Records Management
1) Have a written policy
about information security, make sure all employees have a copy and understand
2) Do not share log in passwords.
3) Always log off when
you are not using your computer.
4) Do not auto save passwords & use
your imagination to create complex passwords.
5) Keep passwords secure,
do not write them down on sticky notes and put them on your desk or computer screen.
Keep them in your head or in a secure area.
6) Do not use company computers
to access or download non work related internet material.
7) Hold confidential
conversations in private areas - avoid being overheard by those not authorized
to hear the information you are discussing - do not discuss business issues with
co-workers with in the hearing of customers, clients or patients.
not share company information out side of the work place. People that casually
question you about the company may not be entitled to company information. Refer
them to the company supervisor to avoid sharing the wrong information
Store company information in secured locations. Do not leave information on your
desk, lock it in drawers. Paper documents should be locked in designated storage
areas. Storage areas should be secured, with authorized limited access.
When you no longer need papers with confidential information to not discard them
with the regular trash. Use the FACTA guidelines to protect everyone you do business
with (shred, pulverize or incinerate). Destroy anything that has the following:
social security numbers, drivers' license numbers, phone numbers, email addresses,
physical addresses, credit card numbers, checking account numbers & any financial
it Affect You?
By: Susan Tossy,Operations
Santa Cruz Records Management
A recent article in USA
Today (Jan 2005) addressed the issues of Identity Theft and FACTA in a way that
brought the information to people in basic, easy to understand terminology. The
bottom line is this: If you conduct business with anyone, you are responsible
for protecting any information you have about them - period. Whether you hire
a gardener, housekeeper or nanny or employ 1 to 1 million people at a place of
business, FACTA applies to you.
FACTA, what does it mean? Technically it
means: Fair and Accurate Credit Transaction Act, a brand new federal law passed
in December 2004 designed to reduce the risk of consumer fraud and identity theft
created by improper disposal of consumer information.
The law was initially
geared towards Lenders, Insurers, Employers, Landlords,
Government Agencies, Mortgage Brokers and Automobile Dealers. Did you
find your type of business in this group? NO? Read on
and the intention of FACTA has grown beyond those business types to include: "any
person who maintains or otherwise possesses consumer information for a business
purpose" must properly destroy discarded consumer information. That
means that FACTA applies to virtually every person and business in the United
States. FACTA further states: "information must be disposed of by taking
reasonable measures to protect against unauthorized access to or use of the information
in connection with its disposal". That brings up the next question,
what are reasonable measures? Never fear, FACTA has spelled it out clearly:
Measures: "burning, pulverizing, or shredding of papers containing
consumer information" or entering into "a contract with
another party engaged in the business of record destruction to dispose of material,
specifically identified as consumer information, in a manner consistent with this
How can you comply? We at Santa Cruz Records Management
Inc have heard of everything from throwing papers in the fire place, on a fire
pit or on the barbeque. There are companies that hire an employee to sit at a
shredder and run a few sheets through at a time. There are self serve shredders
housed in laundry mats and copy stores that require bills to be continuously fed
through as you shred. The reason we know about all of these methods is because
these stories have been told in our office, by the very people that have tried
these methods. Time consuming and often ineffective and costly are some of the
complaints we hear. If you want to shred your own material, invest in a quality
shredder that can handle larger quantities of paper. Cross cut machines are the
most secure. The other method is to use a professional shredding company. Make
sure they are a NAID member, make sure to look at the facility and walk through
the shred process to see exactly how your material will be handled. Our customers
are still surprised by the low cost of using a professional shredding company.
When we walk our customers through the process from start to finish, they appreciate
how quickly and securely their material is disposed of.
The penalties for
violation can be severe. FACTA provides for substantial civil liability. Consumers
may be entitled to recover their actual damages sustained as a result of a violation
of the rule which, in the case of identity theft, could be very large. When large
numbers of consumers are affected, they may be able to bring class actions seeking
potentially massive statutory damage. If 1000 consumers were affected, a class
action could seek $1,000 per consumer, adding up to $1,000,000 dollars in statutory
damages. Courts are also authorized to award punitive damages in either an individual
suit or a class action. At the federal level, the government may bring action
in the federal court for up to $2,500 in penalties for each independent violation
of the rule. The states are also authorized to bring actions on behalf of their
residents and may recover up to $1,000 for each violation of the rule. In cases
of multiple violations, penalties can quickly add up to a large sum.
intention of providing this information is not a "scare tactic", it
is to inform. Crimes using personal information are growing so quickly that federal
and state law are scrambling to keep up. It is inevitable that all businesses
will have to make these efforts to protect their employees and customers. If you
would like more information on FACTA please contact our office.
By Susan Tossy - Operations Manger
Santa Cruz Records
HIPPA, Gramm-Leach-Bliley, Privacy Act, Trade Secret Protection,
Identity Theft Laws, Implied Contract Breach
new laws and regulations are
creating tighter guidelines for the protection and destruction of confidential
information. Whether you know it or not, you have an "implied contract"
to protect your customers' confidential information. Simply based on the fact
that you are collecting their data to conduct business establishes that contract.
Your customers have the right to expect you to take every precaution to protect
their information while in your custody and when discarded. Casually discarding
information, whether in the form of customer information, company information
or individual information, shows disregard for the welfare of all involved parties,
exposing them to theft and fraud. It also brings the
risk of legal action. Noncompliance can result in stiff penalties.
"Dumpster diving" is one of the primary methods for obtaining
confidential information to commit Identity Theft and Corporate Vandalism.
past & present, have a legal right to have their personal information protected
by shredding before it is discarded. Insurance records, employment applications,
time cards, health records, accident reports and attendance records are examples
of information that legally must be protected.
Shred? Why not just toss it into a recycle bin? Other than the
obvious risks to the confidentiality of the material, there are other things to
consider such as meeting the necessary requirements of information destruction,
How was the material
Where was it destroyed
Who destroyed it
was it destroyed
Legal chain of
shredding offers a higher degree of security, it is easy & affordable. Companies
should establish a destruction policy specifying what, when, why and how their
material is destroyed. Easily accessible in house material collection sites should
be set up and a regular shred schedule established.
Protects: Your Customers, Your Employees and Your Company.
Theft - Don't Be the Next Victim
By: Susan Tossy, Operations Manager
Santa Cruz Records Management
We have recently seen
a growing trend in the document shredding business. An increase in walk in customer
business. These are not commercial clients, but rather individuals who are bringing
in material from their homes to be destroyed. Most admit that it is a fear of
identity theft that has motivated them to box up old papers, junk mail, canceled
checks and anything with confidential information and have it shredded. While
it would seem that identity theft has been getting a lot of press and exposure,
people still seem to think that it won't happen to them. Over 10 million people
thought the same thing last year and will spend years trying to regain their credit
and their names. The sources for these thieves are obvious, yet unprotected.
you throw your junk mail away in the trash? Do you put your outgoing bills in
your mailbox? Do you receive your mail in an unlocked mailbox? Dumpster diving
and mail theft are 2 common, yet preventable ways for thieves to have easy access
to your information. One piece of mail thrown away at your house will provide
your name, the thief now has your address and if you are listed in the phone book,
they can look that up as well. This is all they need to request credit card applications,
or put in a change of address to reroute your mail to them. Your outgoing bills
provide even more information. If you mail a check to your credit card company,
that bill has your charge account number on it and your check provides your checking
account number. Your incoming mail is just as valuable to thieves. Do you order
checks and have them mailed to you? What about all of the credit card, credit
line, loan applications and blank credit card checks that say "you're pre-approved;
just sign and return"? Trust me, there are a lot of people out there that
want to "just sign & return" those applications in your name.
can you protect yourself? It seems obvious in many ways, yet a lot of people have
either not taken the time, think it won't happen to them or are not aware of their
vulnerability. What ever the reason, prevention is the solution. Not just at your
home, but in every aspect of your life. These steps are easy, quick and painless:
a locking mailbox|
out going mail at a secure source|
a shredder - shred everything, if the volume is too great take it to a shredding
company and watch them shred it|
Only carry your social security card, passport or birth certificate with you when
you need it for something specific. Other wise remove it from your wallet or purse
immediately and keep it in a secure locked location.|
not give any personal information, account numbers or passwords to anyone that
calls you on the phone. Your financial institutions already have this information
and have no reason to call you and ask for it.|
not buy anything over the phone. Get a business name, address and phone number.
Check it out with the Better Business Bureau. |
your Social Security Number at all times! This is a biggie!!! Most places that
ask for it don't really need it. If an application asks for it, question it. In
most cases it is not required. Job applications ask for it, but employers do not
need it unless they hire you. Be careful, be stingy and be safe.|
following websites can offer more information on the subject of identity theft
and resources for prevention and victims: