Pre-employment background checks are absolutely essential. Sometimes, however, it may be hard to know just how deep you can dig. While it’s perfectly acceptable to perform a Google^TM search, you cannot (in most cases) make prospective employees take a lie-detector test.

For a comprehensive look at the dos and don’ts of pre-employment background checks, go to the SBA’s Business.gov site where you’ll find two important pages: One page that provides a list of resources on employment and labor laws, and one page that provides detailed information on pre-employment background checks.

I’ve mapped out below some of the basic information included on the Business.gov pages, as well as additional places you can turn – such as the FBI and the FTC – for more information on what you can and cannot ask candidates to do, and what you can and cannot do in your hiring process.

Public Information

Every company should perform the basics – call references, check past employment, and do an Internet search. I am continually amazed at how many companies do not do this basic research. It is well worth your time. Don’t skip this, no matter what.

There is also a good amount of public information available (about all of us). For example, bankruptcies and worker’s compensation claims are a matter of public record. Gather all the information you can – there is no harm or foul here. What you do with this information is a separate issue.

Digging Deeper

Beyond public information, there are several things about which you can legally ask the prospective employee. For example, under the Fair Credit Reporting Act (FCRA) you may ask an employee for written permission to access his/her credit report. Once again – what you do with that information is a completely separate issue, but you’re legally allowed to ask. The Federal Trade Commission provides a page on its website with detailed information on credit reports – your rights and your prospective employee’s rights. It’s worth reading.

Does your prospective employee have a criminal record? This is, as you might imagine, a touchy subject. The FBI website provides a page of information dedicated to answering that question, and giving specific advice and instructions on requesting a criminal history record. In fact, the FBI has a complete Freedom Of Information Act (FOIA) website here: http://foia.fbi.gov.

More Research, Less Risk

The reality is, every new employee you hire presents a risk to your organization. Perhaps the prospective employee will turn out to be your best asset; he/she may also turn out to be your greatest liability. There’s a lot of information available to you. Do your research. The deeper you legally dig, the more you can reduce your risk – and sleep better at night.

Tracy Johnson for Business.gov

In my last blog entry about Identity Theft I talked about what your responsibilities are if your business is hit by identity thieves – if information about your customers is compromised while in your possession.

I started with that entry first, as opposed to starting with a “protect yourself” entry first, because most business owners do not think about identity theft until after it’s happened.

Stop and think for a moment – where do you keep your customer information? How do you secure customer credit card information, personal information (name, address, etc.), and any identifying data you may have in your possession? Are you protecting that information differently than any other information?

As a business owner, it is your responsibility to safeguard customer information. If you don’t, it may cost you, your customers, and your business.

Step One: The Five-Step Plan

Taking the necessary steps to protecting yourself, and your customer information, is not as hard as it may sound. In fact, the Federal Trade Commission (FTC) provides an easy-to-follow five-step plan for protecting customer information. This plan, and accompanying brochure, can be found on the FTC website.

Here are the basics, according to the FTC:

1. Take Stock: Know what personal information you have in your files and on your computers
2. Scale Down: Keep only what you need for your business
3. Lock It: Protect the information in your care
4. Pitch It: Properly dispose of what you no longer need
5. Plan Ahead: Create a plan to respond to security incidents

Implementing this plan should be your first order of business. The next step is education.

Step Two: Education

For better or worse, there are likely many people in your organization that “touch”, in some way, your customer information. Partners and contractors outside your business may have access to that information as well. Every single person and organization that has access to your customer information must understand the threat of identity theft and the importance of securing that information.

You can do that education yourself. You can also turn again to the FTC for guidance. The FTC has a national education campaign called “AvoID Theft: Deter, Detect, Defend” wherein you can use their materials – co-branded with your own – to educate your employees and partners.

The more you educate, the safer you – and your customers – will be.

More Resources

As I mentioned in my last blog, there are a range of resources provided by the government that can help protect your customers and your business. The Small Business Administration’s Business.gov site provides a series of pages dedicated to this topic – as well as a range of related topics, including tips that can help you guard against Internet fraud. You can also find a similar listing of information on the Federal Trade Commission (FTC) site.

These resources are there to help. Use them. You may be sorry if you don’t.

Tracy Johnson for Business.gov

Nobody wants to think about the possibility of having their company – or, their company’s information – struck by identity thieves. Yet, identity theft is a reality.

As a business owner, it’s imperative to know what your role is if your company is successfully targeted and a customer’s identity is compromised. What are your legal responsibilities? What information – and how much information – do you provide to the law enforcement community?

There are a range of places you can turn for this information. The Small Business Administration’s Business.gov site provides a series of pages dedicated to this topic. You can also find a similar listing of information on the Federal Trade Commission (FTC) site.

Below, I’ve mapped out the basics to help point you in the right direction.

The Rules and Regulations

There is federal legislation called the Fair Credit Reporting Act (FCRA) that spells out rights for victims of identity theft, as well as responsibilities for businesses. At its most basic level, the FCRA requires you to provide a copy of the transaction record in question if one of your customers is a victim of identity theft as a result of personal information your business has collected. That record may be an invoice, a credit application, an account statement, or any document that may provide evidence about the theft.

You must provide this record, free of charge, within 30 days of receiving a request.

That said, you have the right to ensure you’re handing over information to actual authorities. Specifically, that request must be submitted to you in writing. Don’t fall victim to identity theft through a scam claiming that your business has already fallen victim.

You also have the right to ask questions. You may ask victims and/or authorities to provide proof of identity and a police report. If you cannot verify the requestor or if the claim seems to be a misrepresentation, you have the right to refuse in good faith.

More on the rules and regulations of turning over records can be found on the FTC website here.

What to Do In Case of Identity Theft

Let’s say it happens – let’s say customer information (social security number, credit card number, account number) is compromised. The first step is to contact local law authorities.

The next step, according to the FTC, is to notify other businesses that may be impacted. If account or credit card numbers have been stolen from your possession, you must contact the financial institution or credit card company affected – primarily so these organizations can monitor the accounts for fraudulent activity.

If names and social security numbers were compromised the FTC suggests you contact the major credit bureaus for next-step advice. If the compromise affects a large group of people, the FTC further suggests that you let the credit bureaus know if you are advising that your customers request fraud alerts for their files. Letting the credit bureaus know will help your customers.

For more information on which credit bureaus to contact and when can be found on the FTC website here: http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus59.htm

And, finally, if names and social security numbers have been compromised, the FTC advises that you notify the individuals affected. Be aware, however, this can be very tricky. The FTC provides guidance and guidelines on its website here:

http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus59.htm

Conclusion

Identity theft is a reality. And, your business may be targeted. I’ve provided places to go to find out your roles and responsibilities, like Business.gov and the FTC. In my next post, Identity Theft Part 2, I’ll provide advice on how to protect yourself against identity theft before it happens.

Tracy Johnson is a Senior Manager with ENC Marketing & Communications. She has the pleasure juggling a variety of clients from both the Information Technology and U.S. Government worlds. She brings a fresh perspective to problem solving for clients often integrating interactive marketing solutions with traditional communication methods. One of her top current clients is the Business Gateway Initiative, where she and the BG team provide marketing and outreach services for Business.gov.

Again, recently, residents were forced to flee their hometowns in an attempt to run from wildfires in California.  The fires are have charred more than 76 square miles over the past two weeks taking homes, lives and businesses.  Fire crews have been working around the clock to settle the fires and prevent their spread, but some homes could not be saved.  If you are a home-based business owner, that not only means your bed and photos have been destroyed, but you also now do not have a place of business.  What can you do now?  And if your business has been spared, what can you do to protect it from natural disaster in the future?

Recovering

If your business has been significantly affected by a natural disaster, you may be eligible for Federal government dollars from the U.S. Small Business Administration.  The SBA considers a small business qualified if you have “suffered substantial economic injury,” regardless of physical damage.  If your place of business is within an area declared as a disaster area, you are most likely eligible. Check with the SBA to see if you may be eligible.

If farmland has been destroyed by the disaster, special assistance is available through the USDA’s Farm Service Agency.

The Federal Emergency Management Agency (FEMA, a part of the Department of Homeland Security) offers many resources when a business has been hit by disaster.  FEMA currently offers flood insurance for businesses in light of the terrible flooding we have seen in recent years.  These disasters also sparked the development of the Emergency Management Guide for Business & Industry which includes a list of state and local Emergency Management Offices to contact for additional local assistance.  The guide; however, is mostly targeted towards preparing for emergencies.

What About the Things That Were Lost?

The IRS has pulled together a Disaster Losses Kit for Businesses which provides help for a variety of natural disasters including floods, fires, tornadoes, blizzards, and hurricanes.  This kit is your guide to claiming losses and obtaining copies of previous filed forms.  The IRS can recover and provide copies or transcripts of previously filed tax returns free of charge.

Emergency Preparedness

As we all know, hind site is 20/20, and if we can prepare for emergencies before they occur, we will all be better off.  The Small Business Administration and Department of Homeland Security offer the most robust resources for small business owners in preparing for an emergency.  Ready.gov/business is an excellent guide to help business owners “prepare to stay in business” and protect investments.

Top Government Emergency Preparation Guides for Businesses

• Ready.gov (DHS)
• IRS
• FEMA (DHS)
• SBA