FTC Released a Guide Information Compromise and the Risk of Identity Theft: Guidance for Your Business (June 2004)

The FTC Released the FTC FACTS for Business- Information Compromise and the Risk of Identity Theft: Guidance for Your Business

June 2004

The Federal Trade Commission (“FTC”) released a guide Information Compromise and the Risk of Identity Theft: Guidance for Your Business, which provides essential steps for businesses to take when handling personal information and responding to data breaches. Here’s a summary of the key points:

Importance of Protecting Personal Information

Businesses often collect sensitive information (e.g., names, Social Security numbers, credit card details).
If compromised, this information can lead to identity theft, though not all breaches result in such outcomes.

Immediate Actions After a Compromise

Understand Legal Obligations. Check federal and state laws regarding data breaches and notification requirements.
Notify Law Enforcement.
- Contact local police if there's potential harm from the breach.
- If needed, reach out to federal agencies like the FBI or the U.S. Secret Service.
- For mail theft, contact the U.S. Postal Inspection Service.
Notify Affected Businesses.
Inform banks or credit issuers if account information was compromised.
If holding data for other businesses, notify them to assist in monitoring for fraud.
Remove Compromised Information. If sensitive data was improperly posted online, remove it immediately and contact search engines to prevent caching.

Notifying Affected Individuals

Timely notifications help individuals mitigate potential misuse of their information.
Factors to consider when deciding to notify include the nature of the breach and the type of information stolen.

Recommendations for Notification

Consult law enforcement to ensure notifications do not hinder investigations.
Appoint a designated contact person for communication about the breach.
Provide clear, comprehensive information in notifications:
- Explain what was compromised, how it happened, and actions taken.
- Advise on appropriate responses, such as placing fraud alerts with credit bureaus.
- Include resources for further assistance, such as the FTC’s website on identity theft.
- Provide contact details for the law enforcement officer handling the case.

Encourage Reporting

Urge individuals to report any misuse of their information to the FTC.
Provide victims with information on obtaining police reports, which can help resolve fraudulent charges.

This guidance emphasizes the need for businesses to act quickly and responsibly in the event of a data breach, ensuring both compliance with legal obligations and the protection of affected individuals from potential identity theft.

For more information, see here: www.ftc.gov

These materials were obtained directly from the Federal Government public websites and are posted here for your review and reference only. No Claim to Original U.S. Government Works. These may not be the most recent versions. The U.S. Government may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.

Download:

Attachment	Size
ftc_facts_risk_of_identity_theft_guide_for_businesses.pdf	252.62 KB

Search form

Search form

Search form

FTC Released a Guide Information Compromise and the Risk of Identity Theft: Guidance for Your Business (June 2004)

The FTC Released the FTC FACTS for Business- Information Compromise and the Risk of Identity Theft: Guidance for Your Business

June 2004

Importance of Protecting Personal Information

Businesses often collect sensitive information (e.g., names, Social Security numbers, credit card details).

If compromised, this information can lead to identity theft, though not all breaches result in such outcomes.

Immediate Actions After a Compromise

Understand Legal Obligations. Check federal and state laws regarding data breaches and notification requirements.

Notify Law Enforcement.

Contact local police if there's potential harm from the breach.

If needed, reach out to federal agencies like the FBI or the U.S. Secret Service.

For mail theft, contact the U.S. Postal Inspection Service.

Notify Affected Businesses.

Inform banks or credit issuers if account information was compromised.

If holding data for other businesses, notify them to assist in monitoring for fraud.

Remove Compromised Information. If sensitive data was improperly posted online, remove it immediately and contact search engines to prevent caching.

Notifying Affected Individuals

Timely notifications help individuals mitigate potential misuse of their information.

Factors to consider when deciding to notify include the nature of the breach and the type of information stolen.

Recommendations for Notification

Consult law enforcement to ensure notifications do not hinder investigations.

Appoint a designated contact person for communication about the breach.

Provide clear, comprehensive information in notifications:

Explain what was compromised, how it happened, and actions taken.

Advise on appropriate responses, such as placing fraud alerts with credit bureaus.

Include resources for further assistance, such as the FTC’s website on identity theft.

Provide contact details for the law enforcement officer handling the case.

Encourage Reporting

Urge individuals to report any misuse of their information to the FTC.

Provide victims with information on obtaining police reports, which can help resolve fraudulent charges.

This guidance emphasizes the need for businesses to act quickly and responsibly in the event of a data breach, ensuring both compliance with legal obligations and the protection of affected individuals from potential identity theft.