Mark Pribish

In era of data breaches, businesses need strong document policies

By Mark Pribish
Vice President and ID Theft Practice Leader

As a consumer, I think about how my information may still reside with a tax preparer or doctor that I have not done business with in 10 years, especially when I read stories of a data breach because of inactive customer information being stolen from an unsecure environment.

Businesses, especially small to medium-sized businesses, need to incorporate a formal document retention and destruction policy. Next, communicate your policy to employees so they understand their responsibility in safeguarding customer information, and to customers so that they have confidence in conducting business with you.

High-profile data breach events are just one part of the identity-theft epidemic in the United States. Your past business relationships where your personal information resides is another high-risk factor.

For example, how many of you have worked for the same company your entire life? I suspect very few of you have had only one job. Think about all of the personal information we have left with our past employers including name, address, Social Security number, driver's license and even bank account information (for direct deposit).

And it's not only past employers, but also their vendors, such as health insurance, dental insurance and supplemental insurance companies, along with payroll service and others where your personal information and even the personal information of your family have been used.

But there is more. Think of any past relationship, including every doctor, dentist, tax-preparation service, auto dealer, bank, school, mortgage broker, student loan servicer and any organization to which we have submitted personal information. Ask yourself, where is your sensitive information being stored today, how is it being secured, and what are the document retention and destruction policies of these organizations?

A great resource for business owners is ARMA International, a non-profit professional association and authority on managing records and information. ARMA developed and published principles to foster general awareness of information governance standards.

You can learn more about ARMA's "Generally Accepted Recordkeeping Principles," which detail how to properly retain information as organizations are creating and storing more information than ever before, mostly in electronic form.

In addition to document retention, the shredding of documents containing sensitive employee and customer information has become a high priority because of identity theft, data breaches and stolen trade secrets and client information.

Here are some basic shredding tips that your business should include in its information security and governance best practices:

  • Documents destruction services: Choose a company that knows state and federal laws governing storage and destruction of documents. Important things to know include understanding the difference between hard copy document and electronic document requirements.
  • Choose the right shredder: A cross-cut shredder (versus a standard shredder that simply shreds documents into long horizontal strips, some so wide that you can still make out individual words) cuts the paper from two directions and makes it much harder for someone to reconstruct the document.
  • Document destruction compliance is the law: The state and federal regulatory environment regarding information security and governance, including document destruction will be enforced with fines and penalties that could negatively impact your business.

Identity theft and data breach can bring a business down. Review and update your document retention and destruction policy each year and communicate your policy to employees and customers.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Become a Partner in a Business... and a Scam Victim

Looking for a way to invest your money?

February 16, 2016

If you are looking for a new job or investment opportunity, watch out for this scam. It seems like an entrepreneur is inviting you to partner in a business venture, but it's actually a version of the classic advanced fee con.

How the Scam Works

You get a call or email from someone claiming to represent a business. The company is looking for new partners. These investors receive 50% equity in the business, but there's a catch. You need to pay thousands of dollars in "associated fees and costs" first.

Versions of this con have been around for a while. Typically, an overseas "businessman" emails targets looking for investors in his amazing new company. It is very similar to the Nigerian Prince con. This new version is far more sophisticated. Scammers have a credible business, website and backstory.

In one case reported to BBB, the business calls itself Academic Tech Partners and claims to work with universities turning their research to marketable products. Its name and logo look extremely similar to Academic Tech Ventures, Inc. Both have domains that were registered in September 2015.

Tips to spot an advanced fee scam:

  • Use the "too good to be true" rule. If an "opportunity" just falls in your lap (or inbox) and appears too good to be true, there's probably a catch.
  • Don't share banking information. Do not reply to emails asking for personal banking or credit card information.
  • Be wary of individuals claiming to be overseas. In many different types of scams, con artists claim to be living abroad to avoid in person contact. Consider this a red flag.
  • Be suspicious of transactions that involve additional fees. Scammers will often tempt victims with a great offer (lottery winnings, job offer) and request additional fees to further the transaction.
  • Hit delete. Don't reply, and don't click any links or download attachments in emails such as this.

For More Information:

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scam).

See more at: http://www.bbb.org/council/news-events/bbb-scam-alerts/2016/02/become-a-partner-in-a-business...-and-a-scam-victim/#sthash.PwI6Pl3y.dpuf

To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.