Tina Anderson, like many other working moms, has a full-time nanny. She found her employee via a qualified search firm, and maintains records on her like the information discovered during a background check, her social security number, and other documents relating to her employment.
Beginning this summer, Anderson — and all small business owners — is going to be legally responsible for protecting her nanny’s personal information. She’ll have to “destroy” it before throwing it away. If she doesn’t she’ll be in violation of the Fair and Accurate Credit Transactions Act (FACTA). By not shredding this sensitive information, Leonard could face a fine or potentially a law suit.
“I had no idea that we’d subject ourselves to FACTA,” Anderson says from her home in Lakewood, Colorado. “I’ll have to figure out what type of shredding options are available to me.”
Steve Hastert, vice president of DataGuard USA, is in the business of solving this problem for Leonard and the thousands of small business owners like her. Hastert runs the Shred Nations web site that provides shredding services to businesses and consumers.
In fact, one of DataGuard’s most popular services provides for home and office pick up and destruction of these sensitive documents by local shredders.
The service, called “Express Shredding” allows Leonard to package up to 30 pounds of documents in a cardboard box. Using the web site, she can order a FedEx pickup of the documents from her home or office. The box is then delivered to a certified shredder. Once it is shredded, customers get an official document of destruction.
“It’s a simple, guaranteed solution for small business owners,” explains Hastert. “We offer the benefit of a certified shredding service so that business owners can prove that they shredded the sensitive documents. A home-office shredder is not only more expensive but it can’t offer that level of protection.”
Geri Smith, of the Women’s Economic Development Council, says this is a serious issue facing small business owners. “Most people think of shredding documents as a caution they should perform for protecting information from about their business from competitors. And that’s a
discretionary function. It’s a new twist to be “required” to shred sensitive information.”
In her opinion, though, FACTA is justified, especially when you consider what companies keep in a personnel file Among other facts, a thief would find the employee’s name, address, date of birth, job title and description, rate of pay and any other compensation paid, starting date and a résumé. If the employee has direct deposit, the file would also contain bank account information. “It certainly would be a gold mine,” she says.
The FACTA legislation is directly tied to the explosive growth in identity theft over the past five years. 9.3 million people had their identities stolen in 2004 alone, according to a study by the Better Business Bureau “Victims now spend an average of 600 hours recovering from this crime, often over a period of years,” says Linda Foley, executive director of the Identity Theft Resource Group. “Three years ago the average was 175 hours of time*, representing an increase of about 247%.”
According to a January 2005 report by Better Business Bureau, 10% of all identity theft is the result of information stolen by employees.
Hastert hopes that the new FACTA law will encourage small and medium business owners to take the steps necessary to protect their employee’s identity. “Every day I hear new stories about individuals who are identity theft victims because their employers didn’t protect their sensitive data,” he says. “Now employers’ are legally accountable for protecting their employees’ and customers’ personal information.” The Better Business Bureau reports that 8.7% of identity thefts are committed by corrupt employees.