Identity Theft menu | Print version (pdf)
Protect Your Business Protect Your Customers
Protecting customer data is both a legal and a customer relationship issue. How does your organization protect the information it collects? This checklist will help you develop secure information management practices.
Collection
- Only collect essential data
- Obtain consent when you collect
Security and Storage
- Don't store unneeded data
- Encrypt data on networks, laptops and remote access devices
- Update security software frequently
- Save to networks, not hard drives
- Use locks, alarms and video cameras
- Conduct employee background checks
- Terminate network access when employees leave the organization
- Limit access to sensitive data
Disposal
- Use scrubbing software or destroy hard drives
- Shred all sensitive documents
Response Plan
- Prepare a strategy to manage a breach
What To Do When Information Goes Missing
To respond to a breach you need to investigate the problem internally and devise a plan for informing those affected. Timing is critical.
Investigating the Breach
Assess the situation by asking:
- What information was stolen?
- When was it stolen?
- How did it happen?
- Which files were affected?
- Is other information at risk?
- Is advice from a lawyer/accountant needed?
Communicating the Breach
Be prepared to inform:
- Credit reporting agencies
- Equifax
(1-866-779-6440) - TransUnion
(1-877-525-3823)
- Equifax
- Affected customers or businesses
- Law enforcement and PhoneBusters at
1-888-495-8501. - Privacy commissioner
For more advice and tools on ID theft, visit www.cmcweb.ca/idtheft
Identity Theft
- Recognize it.
- Report it.
- Stop it.