Latest news
- When the drink runs dry
- Shopping centres' landmark trade mark decision
- Turbulent times bring landlords' remedies to the fore
- Goodbye statutory procedures, hello ACAS code of practice
- Pressetext case set to be landmark
- Asbestos could pose threat to public sector workers
See more Press releases
RSS news feeds
Home | News & events | Legal updates | Guard against rising corporate identity theft
Guard against rising corporate identity theft
23 September 2008
Increasing numbers of businesses are falling victim to identity theft. According to figures released by life assistance firm CPP, the number of cases has risen by 154% since June 2007.
And while most victims are individuals, identity theft crimes against businesses have risen significantly. Yet a survey has revealed that almost 80% of businesses do not have policies in place for destroying sensitive material.
The fourth annual National Identity Fraud Prevention Week, which runs from 6-12 October, aims to raise awareness of the problem, which according to Home Office figures has already cost the UK economy a staggering £1.7bn.
Businesses that fall victim to ID theft will look at how it happened and how their details were obtained, and with increased reliance on websites, email and credit card transactions, there are more opportunities to divulge information about themselves and their customers.
But the problem is usually caused when staff inadvertently leak important records and information, rather than it being stolen.
Figures prepared by office products provider Fellowes following a bin-raiding survey for National Fraud Prevention Week showed businesses are clearly being careless with sensitive information.
A remarkable 79% have no policy in place for destroying sensitive material before throwing it away or preparing it for recycling.
And 40% risk customers’ identity as well as their own when throwing away customer/employee information containing names, addresses and other means of identification
One publicised case involved a small UK haulage company which only discovered its identity had been stolen when it started to receive letters from companies in Italy, Poland, Bulgaria and Greece enquiring about goods it was supposed to have delivered.
It also received bailiffs’ demands concerning transactions in Europe, and a court summons from Greece. The company was left with little available recourse through UK agencies, and had to liaise directly with foreign agencies.
It also faced financial ruin, as it buckled under the cost of trying to resolve the situation and restore its reputation through lengthy cross-border processes.
A salutary lesson here is that businesses should look to ensure that they consider their data from a risk perspective and change practices that give rise to greater risk.
Businesses owe a duty under the Data Protection Act to protect all customer and employee information, and could leave themselves exposed legally if they do not comply, and may be left to rue the day if poor policy increases their exposure to identity theft.
Whilst the loss of sensitive data by large organisations such as Northern Rock and the Ministry of Defence attract most publicity, fraudsters are equally likely to take advantage of failings by much smaller businesses. For that reason, every business should take measures to protect its own, and individuals’, information.
Such measures might include:
- storing sensitive documentation with access limited to certain employees
- shredding unwanted customer and employee information
- setting new disposal policies for staff
Companies should also check their details at Companies House to ensure they are correct and have not been changed fraudulently.
But if it does all go wrong and a business finds itself a victim of identity theft, there are steps that can be taken by law firms on the victim’s behalf, including:
- liaise with the Metropolitan Police to bring the matter to their attention, exchange information, and get their help in corresponding with third parties. For example, where a website or phone line is to be taken down, the police can provide confirmation that the website/line has been set up to assist fraudulent activity.
- where fraudsters can be traced, take action against them for losses suffered by victim businesses
- liaise with third party telephone and website providers to have fraudulent websites, email, telephone and fax numbers shut down and removed. Injunctions may be obtained as a means to force third party cooperation.
- where appropriate, correspond with Companies House to correct registered information changed by fraudsters; for example registered office and director details
- where fraudulent activity has occurred abroad, Shoosmiths is part of The World Services Group, enabling it to locate and liaise with lawyers anywhere in the world
- advise on preventative measures
Are any of the issues in this article giving you a headache? If so, we want to know
Email this page
Search the site
Enter the keywords below to search:
Get in touch
Angela Ingram
Associate
T: 08700 86 6708
I: +44 (0)1489 61 6708
E: angela.ingram@shoosmiths.co.uk