Workplace Identity Theft Quiz

Are the Businesses You Frequent or Work for Exposing
You to an Identity Thief?

 

Assign 1 point for each NO answer.

 

___

It conducts a background check before hiring employees who will have access to personal identifying information and screens cleaning services, temp services, and contractors.

___

It provides cross-cut paper shredders at each workstation or cash register area for the disposal of credit card slips, sensitive data or prescription forms.

___

It "wipes" electronic files, destroys computer diskettes, CD-ROMs, USB drives, backup devices, and other data storage media, and properly removes any data from computers before disposal or recycling.

___

It uses an alternate number instead of a Social Security number (SSN) for employee, client and customer ID numbers.

___

It requires its health insurance providers to use an alternate number rather than the SSN for employee ID numbers on health insurance cards (the law in some states).

___

It has trained designated staff about security procedures in sending sensitive personal data by email, telephone, or fax.

___

It keeps all personal data about employees and customers in locked cabinets.

___

It stores sensitive personal data in secure computer systems with access restricted only to qualified persons with a legitimate purpose.

___

It has implemented electronic audit trail procedures to monitor who is accessing data containing personal information and enforces strict penalties for illegitimate browsing and access.

 ___

It has installed encryption and other data safeguards for workplace mobile computers and memory devices such as laptops, PDAs, and USB devices that contain files with sensitive personal data.

___

It has trained employees in how to receive personal identifying information from customers and clients without jeopardizing their security. For example, pharmacists should not ask you to repeat your SSN aloud in a busy store.

___

It has a policy of never selling or sharing data about employees or customers.

___

It never asks for more data than absolutely necessary. For example, a health club does not need a SSN, nor does a veterinarian really need your driver's license number.

___

It does not print full SSNs on paychecks, parking permits, staff badges, time sheets, training program rosters, lists of who got promoted, on monthly account statements, on customer reports, etc.

___

It notifies customers and/or employees of computer security breaches involving sensitive personal information. (Laws in most states require such notice.)

___

It has developed a data protection and security breach readiness plan that includes incident reponse instructions, procedures for notice to affected individuals, and breach recovery procedures.

___

It has established a social media usage policy for its employees.

___

It has adopted a comprehensive privacy policy that includes responsible information-handling practices and has appointed an individual and/or department responsible for the privacy policy, one who can be contacted by employees and customers with questions and complaints.

Count the number of "No" answers.
Each item illustrates what businesses can do to prevent identity theft.

1-4 pointsGood job! You're doing all the right things. Even though you can't be 100% sure of protecting against identity theft, you can feel good you are doing the maximum.
6-10 pointsImprovement is needed. Read our section on Identity Theft & Data Breaches to learn how to protect yourself. Protection is a continuous process. Keep up the hard work!
11-15 pointsYou're on thin ice! This business needs to improve its data security practices immediately. Be sure to speak with a manager or privacy officer about improving the company's information-handling policies and procedures.
14-18 pointsYou are in serious danger of becoming the victim of a data breach or identity theft. You may want to choose not to frequent this business. Inform the manager or privacy officer about the dangers of poor data security and request in writing that information-handling policies and procedures be put into place.
If you weren't sure of some of the answers, be sure to ask questions at work and where you do business. It's your responsibility to be an ID theft aware consumer and employer.

We acknowledge the work of Linda Foley of www.IDTheftInfoSource.com in co-authoring this quiz with the Privacy Rights Clearinghouse.