The data doesn’t lie.

According to the FTC’s Consumer Sentinel Network Data Book records, identity theft reports in North Carolina jumped from 9,424 in 2017 to 11,481 in 2018. In fact, if you compare the 2017 and 2018 publications, you’ll discover that North Carolina went from being 18th in the country for identity theft reports to being 15th.

The 2018 data also reveals that nationwide identity theft reports are the highest they’ve ever been except for 2015.  

The numbers tell a story.

Despite technological advancements, the bad guys haven’t dropped their pursuit of crime. They’re still stealing consumer information. They’re still working to exploit data security vulnerabilities.

Identity theft is a real threat.    

To minimize risk, your business needs safeguards. For North Carolina companies, one mandatory protection is compliance with the North Carolina Identity Theft Protection Act of 2005.

If you’re a business owner and you’re unfamiliar with this piece of legislation, it’s time to get acquainted—fast.  

In this article, we’ll look at some highlights from the North Carolina Identity Theft Protection Act, and we’ll also examine how it practically impacts your company.

What Is the North Carolina Identity Theft Protection Act?

The purpose of the North Carolina Identity Theft Protection Act of 2005 was to provide additional safeguards to protect the personal information of the state’s residents.

When you look at the North Carolina Identity Theft Protection Act, you can organize the legislation into five major sections.  

Here are some quick highlights from the major points of this act. (Please note that the points below are drawn from the North Carolina General Assembly’s website, and you can find this information here.)

  • Social Security numbers. The G.S. 75-62 focuses around six “don’ts” when it comes to Social Security numbers (SSNs). However, the section does soften these prohibitions with some important exceptions—one of which is data encryption.
  • Handling security freezes. Both G.S. 75-63 and 75-63.1 are heavy with directives for consumer reporting agencies. More than likely, you’ll find these sections less applicable to your business.
  • Destroying records. G.S. 75-64 addresses what to do with sensitive information when it’s time to clean out your files. This section also explains what you need to do if you use another company to destroy important records.
  • Alerts regarding security breaches. G.S. 75-65 addresses the aftermath of a security breach, covering everything from how a business should communicate with a consumer to what organizations a business should notify.
  • Further protection of privacy. G.S. 75-66 has a laundry list of personal information that is banned from being freely published against a person’s will.  

What Does the North Carolina Identity Theft Protection Act Mean for Businesses?

For businesses, some requirements of the North Carolina Identity Theft Protection Act may be more relevant than others.

Like I mentioned previously, the G.S. 75-63 is about security freezes. If you read this section, you’ll probably learn more about your own rights than you will about compliance standards for your company.  

However, understanding other aspects of the legislation—such as SSN stipulations or destroying records—can mean the difference between compliance or landing in legal trouble.

It’s your responsibility to analyze the legal requirements and determine where you’re compliant—and where you’re not.

Data Protection Done Right

It’s been nearly 15 years since this law was passed. And the North Carolina Identity Theft Protection Act isn’t the end-all for consumer protection.

Here’s the reality: Broader compliance requirements are heading our way. In my opinion, GDPR in Europe was just a precursor of what’s coming.

And ignorance is NOT bliss.

Unfortunately, small businesses are often the target of identity theft crimes because they’re the most likely to be unprepared for an attack. And some might think installing the latest antivirus software will do the trick.

However, in the real world, data protection requires an iron-clad network, continuous monitoring, and attention to detail.

At Proactive IT, we’re able to help businesses protect sensitive information by…

  • Training your staff on cybersecurity.
  • Deploying and managing a robust, thorough, and layered implementation of IT security technology.
  • Helping implement best practices and auditing to make sure they remain in place.
  • Supporting your efforts to meet computer-security compliance requirements.
  • Assisting with computer and network policy documentation and incidence response plans.
  • Following our thorough internal process and procedure to make sure we always sweat the details for our customers.

Whether you’re located in Charlotte or you’re in another part of North Carolina, we can help your company follow data protection requirements. Simply contact us online, or give our team a call at 704-464-3075.