Identity Theft menu | Print version (pdf)

Protect Your Business Protect Your Customers

Protecting customer data is both a legal and a customer relationship issue. How does your organization protect the information it collects? This checklist will help you develop secure information management practices.

Collection

• Only collect essential data
• Obtain consent when you collect

Security and Storage

• Don't store unneeded data
• Encrypt data on networks, laptops and remote access devices
• Update security software frequently
• Save to networks, not hard drives
• Use locks, alarms and video cameras
• Conduct employee background checks
• Terminate network access when employees leave the organization
• Limit access to sensitive data

Disposal

• Use scrubbing software or destroy hard drives
• Shred all sensitive documents

Response Plan

• Prepare a strategy to manage a breach

What To Do When Information Goes Missing

To respond to a breach you need to investigate the problem internally and devise a plan for informing those affected. Timing is critical.

Investigating the Breach

Assess the situation by asking:

• What information was stolen?
• When was it stolen?
• How did it happen?
• Which files were affected?
• Is other information at risk?
• Is advice from a lawyer/accountant needed?

Communicating the Breach

Be prepared to inform:

• Credit reporting agencies
  • Equifax (1-866-779-6440)
  • TransUnion (1-877-525-3823)
• Affected customers or businesses
• Law enforcement and the Canadian Anti-Fraud Centre at 1-888-495-8501.
• Privacy commissioner

For more advice and tools on ID theft, visit www.cmcweb.ca/idtheft