Protecting Customer Information

The Impediment of Identity Theft Act requires businesses to take a number of steps to help protect consumers' personal information and prevent identity theft. The law specifically requires:

• Records Destruction – When businesses dispose of their customer records, they are required to make a reasonable effort to destroy records containing personal information.
• Notification of Security Breaches – Businesses that maintain electronic records (like those stored on a computer) containing personal information are required to notify consumers if an unauthorized person gains access to their personal information.
• Partial Credit Card Numbers on Receipts – By 2008, if a business accepts credit card sales, all credit card receipts must display no more than the last five digits of the credit card number.