Identity theft is the fastest growing crime in the world. It's easy to perform, difficult to catch criminals who engage in it, and penalties are relatively lax. What you don't know about identity theft will surprise you.
This new crime is so lucrative that organized crime and terrorist organizations have jumped on board. Once data is stolen, it's sold on the identity theft market via various Internet sites. Medical insurance information can be sold for $50, social security numbers for $100, and credit cards with a PIN for $500. Criminals profit by selling hundreds or thousands at a time.
Fifty percent of confidential data loss is due to employees losing or stealing data.
As a result of the increasing problem of identity theft, Congress has enacted new legislation, and it's highly likely one or more of these new rules apply to your company. Of note:
- If you bill for a product or service, you meet the definition of a "creditor."
- Employers have a responsibility to secure the data of employees, clients and vendors.
- The liability for identity theft follows the data; if you share confidential data with a payroll company (for example), you're liable if that company has a data breach.
- If an employer loses any employee health information, they're subject to penalties under HIPAA and the HIPAA Security Rule.
- Fines for noncompliance are severe (up to $1M) and executives may be subject to jail time.
With medical identity theft, if someone is lacking medical insurance and needs expensive medical treatment, they can purchase stolen medical insurance information (along with stolen identification) and receive treatment as if they were that person. Imagine receiving a collections call from a hospital asking for payment for an expensive surgery you never had.
An added danger with medical identity theft involves the thief's blood type, drug allergies, and diseases being added to the victim's record. If the victim is treated based on this medical misinformation, it can result in serious bodily harm or death.
Victims of identity theft usually look to the organization responsible for the data breach to be "made whole", and this can result in class action lawsuits. The cost to the average business of a data breach is $6.3M.
The good news is you can protect your business by following some straightforward steps. The sites below have a lot of useful information about preventing identity theft and complying with the law.
Information technology plays a very important role in protecting your company from identity theft. Make sure you adhere to information technology best practices and industry standards. Work with your IT provider to make sure your network is secure to minimize the risks of identity theft.