Have you ever wondered what happens to your personal information (PI) after you give it to a company? I’m very cautious about handing out my PI because of the threat of identity theft, so I decided to start asking questions of those businesses that require this information.
CASE NO. 1: RENTING MY IDENTITY?
Recently, I needed to rent a piece of equipment, so I went to a rental store. The store required that I submit a copy of my driver’s license and my credit card. I asked the manager where he would secure my information. He opened an unlocked file cabinet and showed me a file in which he kept the customer data. This cabinet, which was behind the sales counter, was accessible to anyone who worked there, including the nightly cleaning crew. I couldn’t know if my PI was safeguarded or if the file cabinet was locked every night. Also, the same PI had been scanned into a computer, so it was now located in two places within the business. The manager couldn’t answer how long my PI would be kept by the company or how (or if) it would be destroyed when it was no longer needed.
I asked the manager if I could get the copy of my license back when I returned the equipment, but he said he had to keep it on file.
CASE NO. 2: COUCHED IN DUBIOUS TERMS
I went to a furniture company to purchase a sofa. The store was running a “six months, no interest” promotion on any purchase, but to be eligible I would have to fill out an application that required my name, address, telephone number, Social Security number, credit card number, etc.
The sofa manufacturer, not the local store, was offering this promotion, which meant that the application would be faxed to another company in a different state followed by the original documents sent through the mail. Certainly, this wasn’t a secure way of handling my PI, so I declined the offer and paid for the sofa up front. The safeguarding of my PI was more important to me than an extended payment plan.
These two examples were at small businesses. However, I wondered how large organizations handled their customers’ PI. So I did some research. What I found prompted me to write this column to offer insight and safeguarding measures to small and large companies that handle PI.
KEY QUESTIONS
Almost every organization, of course, holds a wealth of PI that if breached could be damaging to the business, its employees, vendors and customers. The company potentially could suffer monetary consequences through investigations, fines or lawsuits. Customer confidence also might be strained. Employees and customers could be affected by identity theft.