Identity Theft Tops Feds Biggest Concern in Our Industry
By David Hardy
Is your member data properly secured from theives?One in four Canadians has or knows someone who has been a victim of identity theft. According to the RCMP, identity theft is becoming the fastest growing means of criminal activity in Canada and the United States. The risk of ID theft is multiplied every time sensitive personal information is transmitted, retained or disposed of unsafely. According to the American Federal Trade Commission, instances of identity theft increased from 86,212 in 2001 to 214,905 in 2003 – a 250% boost in only two short years. While identity theft leaves the individual consumer vulnerable to destroyed credit ratings, unnecessarily incurred costs or even, in extreme cases, unjust criminal accusations, it also has the potential to sink small business. Businesses that suffer stolen consumer information can endure not only financial loss but also damaged reputations, destroyed credibility and impaired future operations. |
 |
The federal government reports that identity theft is “likely to continue to grow substantially over the next decade.” It occurs in any place “is associated with daily life,” is often beyond control of the victim, and relies heavily on “weaknesses in the safeguarding of personal identifying information.”
Clubs hold valuable data for thieves
Few businesses require as much personal information from consumers as those in the fitness industry. Name, address, social insurance or driver’s license number, birth date, employer information and credit card or banking numbers and expiry dates are generally collected from fitness club consumers. Club data systems are vulnerable to theft if not properly protected.
In July 2006, I met with Michael Jenkin, the director general co-chair of Consumer Affairs with Industry Canada. He reported that the current top concern of Consumer and Corporate Affairs is the elevating occurrences of identity theft from places of business.
Identity thieves prey on weaknesses in the systems businesses use to protect personal information. If, as a club owner, you’re not doing everything possible to protect your members’ information, there’s a chance your business may fall victim to identity theft.
Identity theft is usually committed by compromising electronic data systems; stolen computer hard drives to hacked databases to bribed employees can act as motivation.
Repercussions of theft are staggering
In May of 2006, the Greater Providence YMCA, in Providence, Rhode Island, was forced to issue a national public warning regarding the potential exposure of members’ information. Two laptops with over 65,000 individuals’ personal information were stolen from the facility’s administration office.
Loss of reputation or confidence may be the least of a club operator’s worry however. The ramifications of identity theft due to inadequate protection of consumer information comes with a hefty price tag: the payment card industry (PCI), the global forum for security standards for account data protection, charges up to $500,000 per incident of stolen identity. And, if the club in question fails to inform credit card companies of a possible theft, the credit card company can also charge business operators up to an additional $100,000 per incident.
Protect your club
According to The International Health Racquet and Sportsclub Association (IHRSA), clubs can do the following to protect against consumer identity theft:
• Adopt a privacy policy and display it in club literature.
• Re-examine what information is actually needed, and collect only essential information.
• Keep all personal information secured, and limit access to as few people as possible.
• Conduct criminal background checks on employees.
• Require employees with access to member files to sign confidentiality agreements.
• Include photos on employee and member ID cards and business cards.
• Use a shredder to dispose of personal information that does not need to be retained.
• Instruct staff to not convey personal or confidential information via voice mail, pagers, cellular phones or email.
• Encrypt and password-protect all personal and confidential information on computers.
• Issue employees personal passwords, and change them frequently.
• Regularly check computer systems, install firewall protection and keep virus protection up to date.
• Make passwords “strong”; use a combination of upper and lower case letters, numbers and symbols.
• Disable employees’ access to company data immediately upon termination.
Follow procedures if information goes missing
According to PCI, health clubs operate under the “service provider” category because they “process, store or transmit cardholder data on behalf of credit card members and merchants.” If a breach of security does occur, it recommends the following steps:
• Immediately notify law enforcement. The sooner local police know of a potential risk for identity theft, the sooner they can prevent further damage.
• Immediately notify potential victims. Early notification of the breach allows members to quickly prevent the misuse of their information.
• Immediately notify affected businesses. Stolen personal information can affect other businesses including banks and credit issuers. To avoid being fined, notify businesses who monitor account access information so they may watch for fraudulent activity.
Club operators can avoid undermining the credibility and accountability we’ve worked so hard to establish with our members. Take the time to ensure your members’ information is well protected. Work with a third party security provider, train staff to properly, protect information and password-protect all sensitive data.
David Hardy, MBA, is president of Fitness Industry Council of Canada (FIC), a not-for-profit trade organization representing the commercial fitness industry in Canada, and the president of Club Fit Corp. that operates five fitness clubs in Edmonton with over 20,000 members. David is a member of the Fitness Business Canada and Checkfree (formerly Aphelion Health Club Software) advisory boards and a contributing author to Human Kinetics publications.
Popularity: 6% [?]
