By Amanda Clay
With the ever increasing risks associated with identity fraud and more strict federal and state laws, the protection of personal employee and client information is a major concern among the holders of such information. Personal information is defined by Tennessee state statute as an individual’s first name, or first initial and last name, plus one or more of the following data elements: (i) Social Security number, (ii) driver’s license number or state-issued ID card number, (iii) account number, credit card or debit card number combined with any security code, access code, PIN or password needed to access an account.
Special considerations must be made regarding personal information that is being transmitted through e-mail. If sending such information is necessary, it is key to consider password protection and encryption strategies. In the unfortunate event of unencrypted personal information being released, notification to all potentially affected individuals is required. In addition, a violation can subject the violator to a civil penalty of $10,000; $5,000 per day that a person’s identity has been assumed; or ten times the amount obtained or attempted to be obtained through the identity theft, whichever is greater. Consequences of a data breach include potential identity theft, legal and financial penalties, and reputation damage.
In addition, portals, such as those established through the use of software programs like iChannel, SmartVault, and File Genius improve the security around the transfer of files containing personal information. These programs require distinct initiation procedures and login credentials in order to further restrict the access to the confidential files.
Given the extent of repercussions associated with the release of unencrypted personal information, it is important to take great care in the transmission of such information.