To minimize the risk of unauthorized disclosure or loss of sensitive data, a business should implement data management practices and employ appropriate technology. The business entity should follow identity theft mitigation strategies, data retention and destruction policies, limitations on data access and restrictions on the collection and use of Social Security numbers. Appropriate staff should be regularly trained in these information management practices.
Identify Theft Mitigation
This fact sheet for businesses covers the federal "Red Flags" Rules and is designed to help banks and financial institutions protect customers against identity theft.
Handling Personally Identifying Information
The New York State Department of State Division of Consumer Protection's Business Privacy Guide provides information and support on the proper handling of personally identifying information.
Document Retention and Destruction
It is vital for all entities to have a written policy for the retention and destruction of personal information. This checklist sets forth the fundamental principles and elements of document retention and destruction.
Limiting Use of Social Security Numbers
This fact sheet for businesses outlines N.Y. Gen. Bus. Law Section 399-dd: Social Security number usage.
Helpful Information Privacy Management Links
These useful links provide additional information privacy resources.
If you have questions or concerns about information privacy, please contact the Division. We will review your message and/or question and respond.