Below is an article I came across today. If any employer wants a good reason to train staff on identity theft, read this. Privacy professionals across the board agree that staff training should be mandatory for every company regardless of compliance mandates. This illustrates the point very well.
September 02, 2008
Mandatory Training, Fines for ID Theft Exposure
In the wake of identity theft scandals, two Texas employers, a health care provider and a retailer, have now entered agreements with Texas Attorney General Greg Abbott which require them to undertake mandatory employee training annually for the next 5 years.
Employees of Radio Shack and Select Medical Texas L.P. will learn about identity theft, its costs to patients/customers, and the importance of complying with new document disposal procedures, which were implemented as part of the agreements. To further ensure compliance with the new procedures, the two employers must post, at each of their locations, signs describing the record storage and disposal requirements and maintain certification records showing each employee's compliance with the training requirements. Additionally, Radio Shack has also agreed to conduct unannounced compliance audits at all of its Texas stores at least twice a year.
Select Medical came to the attorney general's attention after the Levelland Police Department reported that more than 4,000 documents containing customers' sensitive information were found in garbage containers behind the Levelland office of Select Physical Therapy Texas Limited Partnership. The state's enforcement action against Radio Shack began when state investigators learned that the retailer's Portland location exposed thousands of customers' personal identifying information by dumping sensitive records into a publicly accessible trash can.
Abbott's office prosecuted the two employers under the state's Identity Theft Enforcement and Protection Act. As a result of the prosecution, in addition to the mandatory training, Select Medical agreed to pay the state $990,000 and Radio Shack, $630,000. After the deduction of attorney's fees, the remaining sums will be appropriated for the investigation and prosecution of future identity theft cases.
Training is the single most basic and effective step any organization can take to stem the loss or theft of sensitive materials. Had these two employers initiated proactive employee identity theft training, these cases, resulting in over $1.5 million in fines, might have been avoided.