| ___ |
It conducts a criminal or civil background check before hiring employees who will have access to personal identifying information and screens cleaning services, temp services, and contractors. |
| ___ |
It provides cross-cut paper shredders at each workstation or cash register area for the disposal of credit card slips, sensitive data or prescription forms. |
| ___ |
It "wipes" electronic files, destroys computer diskettes and CD-ROMs, and properly removes any data from computers before disposal. |
| ___ |
It uses an alternate number instead of Social Security numbers (SSNs) for employee, client and customer ID numbers. |
| ___ |
It requires its health insurance providers to use an alternate number rather than the SSN for employee ID numbers on health insurance cards. |
| ___ |
It has trained designated staff about security procedures in sending sensitive personal data by fax, email or telephone. |
| ___ |
It places photos on employee business cards for better identification and security. |
| ___ |
It keeps all personal data about employees and customers in locked cabinets. |
| ___ |
It stores sensitive personal data in secure computer systems with access restricted only to qualified persons with a legitimate. |
| ___ |
It has implemented electronic audit trail procedures to monitor who is accessing what and enforces strict penalties for illegitimate browsing and access. |
| ___ |
It has installed encryption and other data safeguards for workplace mobile computers, such as laptops and PDAs, that contain files with sensitive personal data. |
| ___ |
It has trained employees in how to receive personal identifying information from customers and clients without jeopardizing their security. For example, pharmacists do not ask you to repeat your SSN aloud in a busy store. |
| ___ |
It has a policy of never selling or sharing data about employees or customers. |
| ___ |
It never asks for more data than absolutely necessary. For example, a health club does not need an SSN, nor does a vet really need your driver's license number. |
| ___ |
It does not print full SSNs on paychecks, parking permits, staff badges, time sheets, training program rosters, lists of who got promoted, monthly account statements, customer reports, you name it. |
| ___ |
It notifies customers and/or employees of computer security breaches involving sensitive personal information. |
| ___ |
It has developed a crisis management plan that includes instructions to prevent identity theft if SSNs and/or financial account numbers are obtained illegitimately or in case sensitive employee or customer data is lost, stolen, or acquired electronically. |
| ___ |
It has adopted a comprehensive privacy policy that includes responsible information-handling practices and has appointed an individual and/or department responsible for the privacy policy, one who can be contacted by employees and customers with questions and complaints. |