Help Prevent Identity Theft

Most companies keep sensitive personal information in their files and in their computers—names, Social Security numbers, account data—that identifies customers or employees. Companies need information like that to fill orders, meet payroll or perform other necessary business functions. But if sensitive data falls into the wrong hands, it can lead to fraud or identity theft. Safeguarding sensitive data is just plain good business. You can take the following steps to help protect the personal information of your customers or clients.

Do not collect more personal information than needed.
Document the types of personal information you collect.
Analyze the personal information being collected to determine if it is necessary to deliver your services.

Do not retain personal information longer than legally required and/or necessary for business purposes.
Determine legal requirements for record retention.
Identify business purposes for retaining personal information and establish retention requirements.

Protect personal information you collect, use, disclose and retain.
Utilize administrative safeguards such as information security policies, procedures and standards.
Utilize technical safeguards such as identity management.

Ensure additional protection methods for sensitive personal information retained.
Determine the types of sensitive personal information to secure.
Determine the required level of security.

Restrict access to personal information to individuals with a business need to access the information.
Establish a policy for approving authorized users.
Identify positions authorized to gain access.

Dispose of personal information appropriately.
Develop policies and procedures for disposal.
Understand legal and regulatory requirements for disposing of personal information.

Keep antivirus software and security patches current.
Document policies for updating security patches and antivirus software.

Instill awareness and train employees on the proper handling of personal information.
Develop a privacy awareness program.
Identify responsibility for providing training.

Know federal, state and local laws and the rights consumers and employees have under those laws.
Compare business practices to applicable laws periodically to ensure compliance.

Conduct regular audits to ensure personal information is protected.
Identify responsibility for monitoring the protection of personal information.

Source: The AICPA/CICA Privacy Task Force. For more information on how to ensure your organization is following good privacy practices, visit www.aicpa.org/privacy and download a copy of Generally Accepted Privacy Principles—A Global Privacy Framework.
