Do not forget the old fashion way of stealing personally identifying information of your customers and employees – the paper records.
Keep paper documents containing non-public identifying information in a locked cabinet and/or locked room. Limit access to employees with a business need. Control the number of keys and who has a key. I-9s, Job Applications, Payroll records and your copy of credit card receipts need to be lockup.
If the document is not being used, employees need to re-lock up the document. Documents with Non-Public Information should not be left on desks while the employee are away from their work area.
Have a ‘clean desk’ policy regarding documents with sensitive information. Require employees to put the documents away, lock the filing cabinets and office doors at the end of the day (and during lunch).
Control access to the building. Employees need to report unfamiliar persons in the building.
Limit access to offsite storage facilities. Know who has access to your documents. Get a copy of the storage companies security policy.
Catalog documents shipped by third party shippers and always use tracking numbers.
Destroy documents containing sensitive information using a method that makes them unreadable.
Do not become the victim of a dumpster diver – lock it and destroy it.