The FTC currently mandates all Businesses to adopt an IDTheft Program bu November 1, 2009 here http://www.ftc.gov/opa/2009/07/redflag.shtm.
They have published this website tp help you figure out what to do http://www.ftc.gov/redflagsrule
The Texas Workforce Commission interpreted the FTC mandate, years ago, in the first four pages of their Winter 2007 newsletter http://www.twc.state.tx.us/news/tbt/tbt0107.pdf
Our Texas Attorney General has filed enforcement actions against companies such as CVS Pharmacy, Lifetime Fitness, Radio Shack, GAB Robins, B&F Finance McAllen, L.L.C, Nino Tax of Brownsville, Cornerstone Fitness and others for violating the Texas "Identity Theft Enforcement and Protection Act" and fined them over $1.8 million collectively.
I recommend that any business, especially in Texas, pay close attention to these issues when crafting their policy to comply with these State and Federal laws.
To help reduce your risks and mitigate your damages should you have a customer, client, news reporter, disgruntled employee, law enforcement officer or even the AGs office discover that you have violated one or more of these laws either knowingly or unknowingly, you should take action immediately to ensure that you have taken reasonable steps and complied with these laws before it is too late.
Do not wait until you experience a break-in, theft or data breach at your company. By then it may already be too late. Attorney General Abbott has stated
"The Office of the Attorneyhttp://www.oag.state.tx.us/
General will continue aggressively
enforcing identity theft laws and
protecting Texas consumers."