lady looking over shoulder Home | Guard against rising corporate identity theft

Guard against rising corporate identity theft

23 September 2008

Increasing numbers of businesses are falling victim to identity theft. According to figures released by life assistance firm CPP, the number of cases has risen by 154% since June 2007.

And while most victims are individuals, identity theft crimes against businesses have risen significantly. Yet a survey has revealed that almost 80% of businesses do not have policies in place for destroying sensitive material.

The fourth annual National Identity Fraud Prevention Week, which runs from 6-12 October, aims to raise awareness of the problem, which according to Home Office figures has already cost the UK economy a staggering £1.7bn.

Businesses that fall victim to ID theft will look at how it happened and how their details were obtained, and with increased reliance on websites, email and credit card transactions, there are more opportunities to divulge information about themselves and their customers.

But the problem is usually caused when staff inadvertently leak important records and information, rather than it being stolen.

Figures prepared by office products provider Fellowes following a bin-raiding survey for National Fraud Prevention Week showed businesses are clearly being careless with sensitive information.

A remarkable 79% have no policy in place for destroying sensitive material before throwing it away or preparing it for recycling.

And 40% risk customers’ identity as well as their own when throwing away customer/employee information containing names, addresses and other means of identification

One publicised case involved a small UK haulage company which only discovered its identity had been stolen when it started to receive letters from companies in Italy, Poland, Bulgaria and Greece enquiring about goods it was supposed to have delivered.

It also received bailiffs’ demands concerning transactions in Europe, and a court summons from Greece. The company was left with little available recourse through UK agencies, and had to liaise directly with foreign agencies.

It also faced financial ruin, as it buckled under the cost of trying to resolve the situation and restore its reputation through lengthy cross-border processes.

A salutary lesson here is that businesses should look to ensure that they consider their data from a risk perspective and change practices that give rise to greater risk.

Businesses owe a duty under the Data Protection Act to protect all customer and employee information, and could leave themselves exposed legally if they do not comply, and may be left to rue the day if poor policy increases their exposure to identity theft.

Whilst the loss of sensitive data by large organisations such as Northern Rock and the Ministry of Defence attract most publicity, fraudsters are equally likely to take advantage of failings by much smaller businesses. For that reason, every business should take measures to protect its own, and individuals’, information.

Such measures might include:

Companies should also check their details at Companies House to ensure they are correct and have not been changed fraudulently.

But if it does all go wrong and a business finds itself a victim of identity theft, there are steps that can be taken by law firms on the victim’s behalf, including:

© Shoosmiths. This page is for general information: it is not legal advice. Please read our full terms and conditions for details of the disclaimers and exclusions which apply.