skip banner navigation new york state banner - this will open a new window  
CPB Home Press Releases Consumer Links
Contact: Deborah Sturm Rausch  518.473.9472|518.474.2896
 For Immediate Release: November 1, 2008

NYS Consumer Protection Board Issues Business Privacy Guide To Reduce Risk To Identity Theft And Security Breach

Many businesses collect and retain sensitive personal information such as names, addresses, Social Security numbers (SSn), credit card and other account numbers. New laws at the federal and State levels make it imperative that businesses protect such personal information and limit retention and usage. Therefore, to culminate Identity Theft Awareness Week in the Empire State as declared by Governor David A. Paterson, the New York State Consumer Protection Board (CPB) issued its first Business Privacy Guide: How to Handle Personal Identifiable Information and Limit the Prospects of Identity Theft (Guide).

“Protecting consumers and businesses from the perils of identity theft is of great importance to this Administration,” said Governor David A. Paterson. “By working together with our partners in the public and private sectors, we are making New York a more business and consumer friendly State. That helps everyone, especially in this climate of fiscal concern.”

“Safeguarding people’s sensitive information is not just the law, it makes good business sense,” said Mindy A. Bockstein, Chairperson and Executive Director of the CPB. “As the State’s top consumer watchdog Agency, we not only protect consumers, but also work with businesses to ensure a fair and vibrant marketplace. In releasing this Guide, the CPB is offering direction to help businesses limit the adverse effects of data breach and identity theft, and to protect them from liability and negative publicity.”

A leader in protecting consumers, New York is one of the few States in the nation to provide best practice guidance to businesses to secure personal identifiable information and to help address the growing problem of identity theft. The Guide explains some of the core privacy principles and laws that are applicable to businesses and also provides best practices to achieve compliance.

Identity theft is the most common consumer fraud complaint in the United States affecting approximately ten million Americans and costing businesses more than $40 billion each year. According to the Michigan-based Ponemon Institute’s 2007 Annual Study: “Cost of Data Breach,” the average data breach today will cost a business $192 per incident, and 33% of consumers surveyed stated that they would cut ties with a company that had a data breach.

“We want the business community to know that they can turn to us for assistance,” continued Bockstein. Working together with partners in the business community, we are reaffirming our commitment to privacy principles, awareness and education among businesses.”

Kenneth Adams, President and CEO of the Business Council of New York State said, “New York’s business community is committed to protecting the privacy of consumers and this guide will be a valuable resource in those efforts.”

James R. Sherin, President and CEO, Retail Council of New York State, said, "On behalf of the retail industry, I want to thank Governor Paterson and the Consumer Protection Board in helping to educate more New York businesses in ways to prevent identity theft and limit exposure to liability. Doing so is just good business sense, and this Guide will be a useful tool for all of us."

The Guide provides key information and guidelines for business, among which are:
  • Develop a written privacy plan for your business.
  • Do not collect or retain any personal information that does not have a legitimate business purpose.
  • Limit access to personal information to those who need it for a legitimate business purpose.
  • Restrict the collection, use and retention of SSns to help prevent the unauthorized exposure of personal information in the event of a data breach.
  • Never post an employee’s or a customer’s SSn or print it so it’s visible on an identification badge, time or membership card.
  • Remove the expiration date and all but the last five digits of credit card numbers from customer receipts.
  • Lock papers, documents, disks and files containing personal identification information.
  • Install firewalls, anti-virus and anti-spyware software to secure networks and computers.
  • Password-protect laptops and encrypt sensitive information.
  • Prepare for a data breach by planning ahead.
  • Develop a communications strategy in case of a breach.
  • Learn New York State, federal and other State privacy laws if you do business with them.
  • Require new employees to read and understand your written privacy plan.
  • Institute regular training on privacy policies.
  • Compel contractors to adhere to the same privacy policies and practices of your business.
The Business Privacy Guide and additional information about privacy, data breach, security freeze and other identity theft related materials may be found on the CPB’s website at www.nysconsumer.gov along with other consumer and business tools, including our training materials on Do Not Call compliance for business.

The CPB, established in 1970 by the New York State Legislature, is the State's top consumer watchdog and think tank. The CPB's core mission is to protect New Yorkers by publicizing unscrupulous and questionable business practices and product recalls; conducting investigations and hearings; enforcing the Do Not Call law; researching issues; developing legislation; creating consumer education programs and materials; responding to individual marketplace complaints by securing voluntary agreements; and, representing the interests of consumers before the Public Service Commission and other State and federal agencies.

To file a consumer complaint with the NYS Consumer Protection Board (CPB), call our toll-free hotline at 800-697-1220 or visit CPB’s website at www.nysconsumer.gov. In addition to the online complaint form, the website is home to important consumer safety information.