January 29th kicks off 2024’s Identity Theft Awareness Week, but consumer-conscious companies promote identity theft awareness – and prevention – 52 weeks a year. As the FTC, federal and state agencies, consumer groups, and others sponsor events across the country and online, here are three things your business can do to promote identity theft awareness to customers, employees, and members of your community.
Implement sound data security practices. Discussions of information security sometimes focus on arcane technological issues, but let’s not lose sight of what’s in it for many data crooks: getting their hands on the personal data necessary to commit identity theft. The FTC has brought close to 150 cases challenging companies’ lax data security. The lawsuits recount the lapses that caused the breaches in the first place – poor password policies, negligent network monitoring, slipshod supervision of contractors, and insufficient employee training, to name just a few examples. But the court papers may not tell the whole story about the devastating consequences those corporate deficiencies inflict on consumers. People injured by identity theft often must devote months – or years – trying to restore their reputations and clean up the mess made of their personal finances.
A simple way your business can be part of the solution is not to be part of the problem. Don’t collect personal information if you don’t have a genuine business need, safely store what you must maintain, and dispose of it securely when that business need passes. The FTC has guidance for companies – including cybersecurity resources for small businesses – to help you safeguard consumer data.
Lend a hand to people who have experienced identity theft. Assisting people who are trying to recover from identity theft isn’t just good customer relations. It’s the law. If a consumer spots charges on their account they didn’t make and it appears that an unauthorized transaction occurred at your company, Section 609(e) of the Fair Credit Reporting Act requires you to provide them with relevant records. The law allows you to get proof of their identity (like a driver’s license), but it’s illegal to re-victimize them by making them jump through hoops to get the documentation they need. According to an FTC law enforcement action, a national retail chain didn’t honor that FCRA provision and paid a $220,000 civil penalty. Read Businesses Must Provide Victims and Law Enforcement with Transaction Records Relating to Identity Theft for more about legal compliance.
And here’s a suggestion we’re passing along from a national retailer. When people come to their Customer Service Counters to retrace their steps in search of a lost wallet or missing credit card, the company has copies of FTC brochures at the ready, including Lost or Stolen Credit, ATM, and Debit Cards and What To Know About Identity Theft.
Spread the word about identity theft awareness through your social networks. Identity theft doesn’t just harm consumers. It’s bad for business, too. In addition to the billions of dollars lost every year to fraudsters, identity theft takes a tremendous toll on the well-being and peace of mind of affected customers, employees, friends, and family. That’s why we want to enlist you in the effort to raise awareness about how to prevent identity theft and streamline the recovery process. The FTC has sharable Identity Theft Awareness Week resources – including videos and other visuals – you can post on social media. We also have a new publication, How To Spot, Avoid, and Report Identity Theft in Your Language, available in multiple languages. In addition, during Identity Theft Awareness Week, the FTC and partners will be hosting podcasts and webinars for general audiences, as well as events focused on servicemembers, older adults, young adults, and business owners.
Do you know someone dealing with identity theft? Guide them to IdentityTheft.gov to get them started on a personal recovery plan.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
Thanks for the article! Was great to learn about this business tips.