Washington State Attorney General Rob McKenna and King County Prosecutor Dan Satterberg today asked businesses to reinforce their work to protect consumer data.
Saturday is Data Privacy Day, an international event promoting awareness of how personal information is collected, stored and shared – and how that information may be better protected. McKenna and Satterberg took the opportunity to provide data-protection tips to those who, by virtue of conducting transactions and other business, possess a lot of sensitive information.
“Identity thieves target business, government, and especially financial institutions to steal personal information about the finances of consumers,” McKenna said. “Vigilance on the part of those who guard customer data is our best firewall against ID thieves.”
McKenna and Satterberg’s letter was sent to business associations around the state. Satterberg co-chairs with McKenna the Attorney General’s Law Enforcement Group Against Identity Theft (LEGIT). With Satterberg’s help, LEGIT helped write and advocate for several laws to protect consumers from identity thieves, including stronger data breach notification rules, enhanced access to credit freezes, streamlined methods for prosecuting identity thieves and tougher penalties for mail theft.
“When we prosecute ID theft cases, we see the fear and the sense of violation felt by victims,” Satterberg said. “Despite our legislative successes to help prevent these crimes, it’s important to remind businesses about what they can do to reduce risk and their responsibilities under the law.”
Federal and state laws require the proper destruction of consumers’ sensitive financial, health or government identifiers. The letter offers tips, such as reducing the number of records by keeping only data required for business purposes or to meet legal obligations. And it suggests that “Electronic and Internet security is as important as the locks..on business doors.”
Included in the warning about electronic security is the acknowledgement that smartphones are increasingly used for transactions, and that effective policies to protect the information transmitted by such devices are important.
McKenna and Satterberg urge businesses to reduce the risk of data breaches by, among other policies:
• Being familiar with applicable state and federal laws.
• Knowing what personal consumer information is kept on computers and servers.
• Maintaining written policies and training to assure proper data disposal.
• Requiring contractors to comply with laws on data destruction and breaches.
• Establishing technical and physical safeguards to restrict access to personnel files, payroll files and other sensitive data.
• Performing background checks on employees who have access to personal information.
• Shortening all social security, telephone and account numbers on documents, including paychecks and correspondence.
• Maintaining a data breach notification policy, ensuring staff are trained to notify law enforcement, consumers and others affected.
• Safeguarding credit card terminals from wireless hacking.
• Improving security settings on wireless routers and regularly changing passwords to prevent hacking.
The Attorney General’s Office provides information on identity theft prevention specifically for businesses at www.atg.wa.gov/businesses.