When we think about data breaches, we often worry about malicious-minded computer hackers exploiting software flaws, or perhaps Internet criminals seeking to enrich themselves at our expense. But the truth is that errors and negligence within the workplace are a significant cause of data breaches that compromise sensitive personal information.
Thus, a critical starting point for preventing future security breaches (and the identity theft that can follow) is developing ironclad policies and practices for handling personal information from within the workplace.
Privacy and data security have been critical business issues for some time. Nearly every state in the U.S. has enacted a data breach notification law. These laws require businesses to notify consumers of breaches of personal data that could result in financial identity theft, and in some states, medical identity theft.
Data breaches can cost companies millions of dollars per incident in direct costs, such as notifying victims. One study in 2011 found that breaches cost on average $214 per compromised record. In addition, the public relations fallout from a data breach can be significant. Corporate reputations can suffer tremendously, resulting in the loss of customers.
Furthermore, lawsuits against firms for negligent handling of personal information are becoming more common. Even if an organization prevails, litigation costs can be substantial.
Many employers are imposing new restrictions on who can take confidential records out of the office and are providing special training on how to keep data secure. Workers found violating security policies are being disciplined, or even dismissed. So whether or not a company is cracking down on computer security, employees should consider protecting themselves. Experts say it’s wise to check your company’s policy, or to urge that such policies be adopted or clarified.
A good place to start is with our Workplace Identity Theft Quiz. The quiz asks 18 questions regarding the policies and practices of the businesses you frequent or work for. Tally up the score and you can see where the business falls in terms of protecting personal data. We hope you will use the quiz and share it with your colleagues. It may provide a way to start meaningful dialogue about a company's internal data-handling practices.
- PRC's Workplace Identity Quiz - https://www.privacyrights.org/itrc-quiz2.htm
- PRC's Chronology of Data Breaches - https://www.privacyrights.org/data-breach
- PRC's Fact Sheet 12: Checklist of Responsible Information-Handling Practices - https://www.privacyrights.org/fs/fs12-infohandling.htm
- PRC's Fact Sheet 17b: How to Deal with a Security Breach - https://www.privacyrights.org/fs/fs17b-SecurityBreach.htm
- PRC's Fact Sheet 17: Coping with Identity Theft: Reducing the Risk of Fraud - https://www.privacyrights.org/fs/fs17-it.htm