This document summarizes various laws related to identity theft and data privacy, including the Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act (FACTA), the Gramm-Leach-Bliley Act (GLBA), and state privacy laws. It notes that businesses can be held liable for identity theft that occurs in the workplace or when employee data is compromised. The document recommends implementing an identity theft protection program, appointing a compliance officer, developing security policies and training employees to help establish an "affirmative defense" in the event of data breaches or lawsuits.