Are the Businesses You Frequent or Work for Exposing You to an Identity Thief?
Assign 1 point for each NO answer.
___ | It conducts a background check before hiring employees who will have access to personal identifying information and screens cleaning services, temp services, and contractors. |
___ | It provides cross-cut paper shredders at each workstation or cash register area for the disposal of credit card slips, sensitive data or prescription forms. |
___ | It "wipes" electronic files, destroys computer diskettes, CD-ROMs, USB drives, backup devices, and other data storage media, and properly removes any data from computers before disposal or recycling. |
___ | It uses an alternate number instead of a Social Security number (SSN) for employee, client and customer ID numbers. |
___ | It requires its health insurance providers to use an alternate number rather than the SSN for employee ID numbers on health insurance cards (the law in some states). |
___ | It has trained designated staff about security procedures in sending sensitive personal data by email, telephone, or fax. |
___ | It keeps all personal data about employees and customers in locked cabinets. |
___ | It stores sensitive personal data in secure computer systems with access restricted only to qualified persons with a legitimate purpose. |
___ | It has implemented electronic audit trail procedures to monitor who is accessing data containing personal information and enforces strict penalties for illegitimate browsing and access. |
___ | It has installed encryption and other data safeguards for workplace mobile computers and memory devices such as laptops, PDAs, and USB devices that contain files with sensitive personal data. |
___ | It has trained employees in how to receive personal identifying information from customers and clients without jeopardizing their security. For example, pharmacists should not ask you to repeat your SSN aloud in a busy store. |
___ | It has a policy of never selling or sharing data about employees or customers. |
___ | It never asks for more data than absolutely necessary. For example, a health club does not need a SSN, nor does a veterinarian really need your driver's license number. |
___ | It does not print full SSNs on paychecks, parking permits, staff badges, time sheets, training program rosters, lists of who got promoted, monthly account statements, customer reports, etc. |
___ | It notifies customers and/or employees of computer security breaches involving sensitive personal information. (Laws in most states require such notice.) |
___ | It has developed a data protection and security breach readiness plan that includes incident response instructions, procedures for notice to affected individuals, and breach recovery procedures. |
___ | It has established a social media usage policy for its employees. |
___ | It has adopted a comprehensive privacy policy that includes responsible information-handling practices and has appointed an individual and/or department responsible for the privacy policy, one who can be contacted by employees and customers with questions and complaints. |
Count the number of "No" answers.
1-4 points | Good job! You're doing all the right things. Even though you can't be 100% sure of protecting against identity theft, you can feel good you are doing the maximum. |
6-10 points | Improvement is needed. Read our section on Identity Theft & Data Breaches to learn how to protect yourself. Protection is a continuous process. Keep up the hard work! |
11-15 points | You're on thin ice! This business needs to improve its data security practices immediately. Be sure to speak with a manager or privacy officer about improving the company's information-handling policies and procedures. |
14-18 points | You are in serious danger of becoming the victim of a data breach or identity theft. You may want to choose not to frequent this business. Inform the manager or privacy officer about the dangers of poor data security and request in writing that information-handling policies and procedures be put into place. |
If you weren't sure of some of the answers, be sure to ask questions at work and where you do business. It's your responsibility to be an ID theft-aware consumer and employer.
We acknowledge the work of Linda Foley of www.IDTheftInfoSource.com in co-authoring this quiz with the Privacy Rights Clearinghouse.