Identity Theft Notification

You have just received an identity theft notification letter or phone call from a company, hospital, doctor, talent agent, accountant or lawyer. The letter regretfully informs you that your personal information which you have shared as part of a business or medical transaction in the past, including your social security number, name, address, phone number and credit card numbers were compromised in a security breach by either internal company employees or hackers who remotely penetrated the computer systems. The letter ends with “This identity theft notification is provided to allow you to take all necessary and precautionary steps to protect yourself against potential identity theft risks”. Now that you’re done reading this letter, how do you feel? Do you even care? What are you supposed to do?

Businesses are forced to notify consumers and share the security breaches that have compromised customers’ personal information within a reasonable time. This is to allow customers to protect themselves against identity theft risks. Most large companies should have a consumer breach notification procedure in place for such incidents to comply with the laws, but to me, this is just good business practice whether there is a law or not. An identity theft notification procedure should be in place as part of a good customer service, and customer retention program, and not just part of regulatory compliance program, although, such procedure would satisfy both the legal requirements and customer satisfaction.

Companies should be as clear as possible in terms of how the incident happened, when it happened and what exactly was compromised. In other words, what files were stolen and what was in those files. They should do this rather quickly if they want to be effective and if they claim to care for their customers, and not because the law says so. After they explain the situation, they should provide a plan of action that consumers could take to protect themselves. Companies should also provide financial support so that consumers can execute the plan without delay. Companies should also consider a reserve account called “allowance for identity theft” to estimate and account for the costs associated with potential identity theft notification and consumer support for identity theft prevention, detection and resolutions.

Consumers for their part should demand further clarifications from the company if needed and ask questions. They should follow the steps outlined in the identity theft notification letter and take advantage of the offer that the company extends to consumers whose personal information was compromised. Sometimes, companies offer consumers free and periodic credit reports and monitoring services to help consumers detect any signs of identity fraud, which should not be overlooked by consumers. Consumers should do all they can to prevent and detect identity fraud following this notification.

Just in case you do not get any help or clear direction and guidance from the company that sent you the identity theft warning letter, go to the identity fraud detection section of this web site for guidance. You may also want to consider stop doing business with the company that just failed you.

Return to the home page from identity theft notification.

Identity Protection Insights Newsletter

Effective identity protection requires dynamic and integrated solutions. This site provides awareness, education and many solutions to address the growing problem of identity theft. Please sign up for the Identity Protection Insights newsletter to receive periodic notification of important articles and solutions, major identity theft news analysis, fraud alerts, and other service announcements.

Enter your E-mail Address
Enter your First Name (optional)
Then

Don't worry — your e-mail address is totally secure.
I promise to use it only to send you Identity Management Journal.