What can businesses do to prevent identity theft?
It’s very easy to find someone to blame when it comes to identity theft (apart from the thieves).
We can blame the credit bureaus for buying and selling our personal information without permission. Or we can blame the government and our legislators who refused to regulate the lucrative trade in our financial information.
We can even blame ourselves, as consumers, for not taking enough responsibility for our own security and protection against identity theft.
But much of the blame has to fall upon the businesses, both large and small, that are failing to protect the confidential customer and employee identity information in their care.
For example, I recall meeting the chief information officer (CIO) of a very well known retail chain. While he admitted that his own employees created a major security risk, because of their failure to follow security rules, he still refused to invest any money in educating his employees about security and identity theft issues. Simply put, there was no way he could show a return on investment.
Unfortunately, that’s the attitude that many executives have towards the business identity theft problem. If identity theft protection programs don’t benefit a company’s bottom line, they will not be implemented. Needless to say, I have not shopped in any of those stores since meeting their CIO.
But big businesses are only part of the ID theft problem. Many experts believe small businesses are just as vulnerable to identity theft. Although they may have fewer customers and less information to steal, they are still an easy, low-risk target for identity theft.
So what can businesses do to protect data and prevent identity theft?
For one, they can use more encryption. Encrypted data, which requires a password to read, is unusable to thieves. Businesses can and should also keep better track of data that is at risk of being stolen or misused.
It is not only important to protect data, but it’s also critical to properly discard and erase it. And you may be surprised to learn how many businesses don’t shred or delete information properly or regularly.
You may remember that RadioShack data-dumping lawsuit (http://myidentitytheftexpert.com/blog/2007/04/radioshack_sued_over_data_dump.html) that came down this past March. Obviously businesses should learn from real-world stories like this, but they don’t always. I think they need to invest in better education for their employees — and fast.
Almost all data breaches that can potentially lead to identity theft happen as a result of blunders made by employees, who either didn’t know the security rules or weren’t following them properly.
Another part of the identity theft problem starts with the regulators — those who continue to keep the security standards low for employees. For example, the credit card industry did get together recently to create a new set of security standards and forced companies of all sizes to protect customer credit card data.
And still, despite the fact that it’s widely recognized that most data breaches are the result of employee error and/or neglect, these new standards only require companies to train their employees once a year, without even specifying the length of the training. That means they can get away with conducting only a 30-minute session and still meet minimum compliance.
With that kind of minimal attention, it shouldn’t be a surprise that we have a business identity theft problem!
Posted on Tuesday, June 26, 2007 at 10:03PM by Neal O'Farrell in Business Identity Theft