Identity theft: Are you really protecting your clients?

Imagine this: Mr. Gold, one of your clinic's best clients, walks up to the reception counter to check out after a routine wellness examination for his pet Labrador Retriever, Sonny.

After some small talk and a few stories about Sonny's recent escapades, Mr. Gold hands the receptionist his check to pay for today's services.

Today was an exceptionally busy day at the clinic. It's already 8 p.m., and the floor-cleaning service is waiting to go to work. Your staff decides to leave Mr. Gold's check in the unlocked drawer next to the computer for deposit the following day. It's happened before, and everyone wants to get home for dinner.

Unfortunately, the floor-cleaning service just hired a man named Joe who has a questionable background. After finishing the floors in the waiting room and reception area, Joe finds Mr. Gold's check in the unlocked drawer. Using his cell phone camera, he snaps a picture of the check. Information is power. With the pertinent data about Mr. Gold, Joe orders a batch of checks to be sent to a new address. He obtains a new driver's license using Mr. Gold's information.

A year later, the real Mr. Gold isn't paying much attention to Sonny's yearly reminder card from the veterinary clinic. He has more pressing concerns. On his way home from work a few nights ago, he is stopped for speeding. When the police officer runs Mr. Gold's driver's license in the state database, he finds a warrant issued for Mr. Gold's arrest.

He's hauled off to jail, all the while protesting his innocence. The truth is the real Mr. Gold is innocent.

You see, Joe the floor cleaner obtained a fake driver's license with Mr. Gold's information. Joe used the driver's license to elude a DUI charge a few months ago. He never showed up in court, so a warrant was issued for Mr. Gold's arrest.

While Mr. Gold was in a fight to prove his innocence, Joe already executed the next assault on the victim's bank accounts. They were all overdrawn.

While the story may be fictitious, it is far from implausible. Identity theft racked up some $36 billion worth of losses last year, according to the Better Business Bureau.

The paper trail

These problems extend into veterinary practices. Privacy issues are a concern in almost every area of life. All personal identification data – Social Security, driver's license and bank account numbers – leave a trail, showing where we have worked, how much we have spent and where we have spent it. These numbers define us in the legal and medical systems.

In this technology-based age, digits in the "system" often determine whether we can get a loan, insurance coverage and even a job.

The Federal Trade Commission (FTC) recognizes the growing number of problems resulting from identity crimes. The FTC also knows that individuals are put at risk because businesses fail to protect private information. Inadequate security measures, lax privacy policies and uneducated or negligent employees give criminals easy access to non-public data.

In recent years legislation has been passed to help protect consumers against identity theft. These laws hold businesses accountable for the information they allow to fall into criminal hands. Now lawsuits, stiff fines and even jail time befall executives, not to mention bad business publicity stemming from a data breach.

As a veterinarian and small-business owner, you know a good reputation is critical. Positive word-of-mouth advertising can drive people to your doors. Negative word-of-mouth has the opposite effect – especially among the friends and neighbors of those who are damaged by a lapse in your security.

"If you experience a security breach, 20 percent of your affected customer base will no longer do business with you, 40 percent will consider ending the relationship and 5 percent will be hiring lawyers!" (CIO magazine, The Coming Pandemic, Michael Freidenberg, May 15, 2006)

Your clinic also collects and stores private information about your staff. What would be the impact to your employees and business if their confidential information were stolen from the workplace?

According to the Identity Theft Resource Center, victims of identity theft spend an average of 300 hours recovering from the crime. Some victims deal with the issue for years after it's discovered.

Why does recovery take so long?

Here is a partial list of the agencies and institutions a victim might have to contact to resolve identity-theft issues: credit-card companies, all three credit-reporting agencies, financial institutions, the Federal Trade Commission, the Social Security Administration, the Department of Motor Vehicles, the U.S. Postal Service and law-enforcement departments.

Not all of these agencies can be contacted at night or during lunch hours and breaks. Your business pays the cost in lost productivity, no matter how much your dedicated staff tries to limit their efforts to their own time.

In addition to lost staff productivity, your practice may face federal fines of up to $2,500 per occurrence, civil and class-action lawsuits if your practice is responsible for the loss of employee or customer private information.

Your clients, your employees and the FTC expect you to protect the private information with which you've been entrusted.

As a business owner or executive, it's critical for you to understand how privacy laws pertain to your business, and to comply with them.

By having policies and procedures in place for securing private information, your staff would have known how to protect Mr. Gold's information and prevented his nightmare.

How are you protecting your clients' and employees' information? The final article in this series will identify steps you can take to comply with the laws.

James Iafe, VMD, is a Certified Identity Theft Risk Management Specialist (CITRMS). He practices at North Boros Veterinary Hospital in the suburbs of Pittsburgh.