Archived — Business Identity Theft Checklist

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Business Identity Theft Checklist

Identity Theft menu | Print version (pdf)

Protect Your Business Protect Your Customers

Protecting customer data is both a legal and a customer relationship issue. How does your organization protect the information it collects? This checklist will help you develop secure information management practices.


  • Only collect essential data
  • Obtain consent when you collect

Security and Storage

  • Don't store unneeded data
  • Encrypt data on networks, laptops and remote access devices
  • Update security software frequently
  • Save to networks, not hard drives
  • Use locks, alarms and video cameras
  • Conduct employee background checks
  • Terminate network access when employees leave the organization
  • Limit access to sensitive data


  • Use scrubbing software or destroy hard drives
  • Shred all sensitive documents

Response Plan

  • Prepare a strategy to manage a breach

What To Do When Information Goes Missing

To respond to a breach you need to investigate the problem internally and devise a plan for informing those affected. Timing is critical.

Investigating the Breach

Assess the situation by asking:

  • What information was stolen?
  • When was it stolen?
  • How did it happen?
  • Which files were affected?
  • Is other information at risk?
  • Is advice from a lawyer/accountant needed?

Communicating the Breach

Be prepared to inform:

For more advice and tools on ID theft, visit

Identity Theft

  • Recognize it.
  • Report it.
  • Stop it.

About This Checklist

Produced by the Federal-Provincial-Territorial Consumer Measures Committee

Cat. No. Iu23-4/2005E-HTML
ISBN 0-662-39109-8