The federal Fair and Accurate Credit Transaction Act (FACTA) of 2003 says businesses that negligently or purposely allow employees’ or customers’ personally identifiable data to fall into the wrong hands can face fines of up to $2,500 per infraction. The law considers each identity stolen as an infraction, so that fine could add up fast.
But FACTA may be a slap on the wrist compared with the various state laws signed in recent years.
In the past four years, 45 states and the District of Columbia have enacted a total of 169 separate laws dealing with identity theft. Many of those hold employers to a higher standard than the federal law. And those laws often protect state citizens regardless of where they work or where their data are stored. Some recent examples:
New Jersey’s Identity Theft Prevention Act requires employers to notify all affected consumers of any security breach that may have exp...(register to read more)