Play it safe: keep your data from prying eyes.

• Author: Bradley, Susan
• Position: Data Security

You've seen the identity theft ads on television that feature people boasting about what they've bought using someone else's credit card and identification. There's the attractive woman who sounds like a computer geek itching to buy a 45-inch plasma TV, and the disheveled man who sounds like a teenager and talks of buying clothes. Funny ads, yes. But they point to the serious issue of keeping personal information private and secure.

In the past, this sort of credit card fraud occurred when individuals improperly handled credit card slips and other personal information. Fortunately, most firms now make a habit of shredding documents they no longer need.

And simply throwing documents, unshredded, into a dumpster isn't a safe security measure because the practice of "dumpster diving" has been used in business parks for years to obtain personal and confidential information.

SB 1386

California lawmakers stepped into the identity theft prevention arena after a hacker broke into a state computer server that housed payroll and other employee records and personal information.

For approximately 45 days, state employees were not informed that their information was at risk.

As a result, then-California Sen. Steve Peace introduced SB 1386 to remedy the notification issue, and the resulting law took effect July 1, 2003.

The law states that if two parts of information about a California resident that could be used for identity theft are reasonably believed to have been acquired by an unauthorized person, you must notify the affected party unless you have been instructed not to do so by authorities during an active investigation.

Protected sensitive data includes a person's name and one or more of the following: Social Security number; driver's license number; California ID number; credit card number; or debit card number in combination with the password code.

Think of the information residing in the computers at your office--or on laptop computers. Do you have files with names of clients, Social Security numbers, driver's license numbers or other information that could be used to steal their identity? Of course.

[ILLUSTRATION OMITTED]

Do you send information to vendors or banks via e-mail? Probably.

All such practices present opportunities for hackers to steal information--and if this happens, you must notify your clients, which can cost you money in terms of time and effort to make these notifications. But by taking the right steps, you can keep the...