idt 2015

IDENTITY THEFT 2015 Fact, Fiction and Safeguards... Welcome to… Presented by Paul L. Kennedy Certified Identity Theft Risk Management Specialist For yesterday, today and tomorrow….. We can help solve your problems

Upload: paul-kennedy

Post on 08-Aug-2015

TRANSCRIPT

Page 1: IDT 2015

Welcome to…

IDENTITY THEFT 2015 Fact, Fiction and Safeguards...

Presented by Paul L. Kennedy, Certified Identity Theft Risk Management Specialist

For yesterday, today and tomorrow….. We can help solve your problems

Page 2: IDT 2015

“Identity theft is the only crime where you are Guilty Until Proven Innocent”

Page 3: IDT 2015

What is Identity Theft?

Five Common Types of Identity Theft

Drivers License Identity Theft

Medical Identity Theft

Financial Identity Theft

Social Security Identity Theft

Character / Criminal Identity Theft

Identity Theft is not just Credit Cards!

ID Theft is an international crime and access to an attorney may be critical...

Page 4: IDT 2015

Jan 2005 - December 2014

923,729,111* records lost or stolen in the workplace (reported cases only)

*privacyrights.org

Page 5: IDT 2015

Alberta Venture (Business Journal) 10/2005

They’re not after your money, your equipment, or your inventory.

The Identity Thief wants the personal information you keep on employees, customers & vendors. And if you lose it, you’ll wish they went for the cash.

Page 6: IDT 2015

The Cost of Identity Theft

Employees can need up to 600 hours, mainly during business hours, to restore their identities

“If you experience a security breach... 20% of your customers will no longer do business with you, 40% will consider not doing business with you and 5% will be hiring lawyers!”

Needless to say… referrals will come to a screeching halt

*CIO Magazine, The Coming Pandemic, Michael Friedenberg, May 15th, 2006

Page 7: IDT 2015
Page 8: IDT 2015

The High Cost of Identity Theft to Business

An Overview of FACTA:

• FACTA was signed by President Bush on December 4, 2003.

• The provisions of the law have been phased in over the past few years, and all are now in effect.

However, these new provisions also create serious new responsibilities – and potential liabilities – for businesses nationwide. Simply put, if data aiding an identity theft originates from a security breach at your company, you could be sued, fined, or become a defendant in a class-action lawsuit by affected employees whose personal information has somehow gotten out.

Page 9: IDT 2015

Who Does FACTA Affect?

• Civil liability. An employee could be entitled to recover actual damages sustained if their identity is stolen from an employer. Or, an employer could be liable for statutory damages for up to $1,000 per employee.

• Class action lawsuits. If large numbers of employees are impacted, they may be able to bring class action suits and obtain punitive damages from employers.

• Federal fines. The federal government could fine a covered business up to $2,500 for each violation.

This law applies to any business, regardless of size, that collects personal information or consumer reports about customers or employees to make decisions within their business (including names, credit card numbers, birthdates, home addresses and more).

Page 10: IDT 2015

Now What? It’s Time to Develop a Plan!

According to the FTC, a “reasonable” plan to safeguard personal information includes:

• Designating an employee (or employees) to coordinate and be responsible for the security program.

• …..including employee training….

• Continually evaluating and adjusting the security plan…..

• Creating a mitigation plan…..This mitigation plan should kick in when there is a privacy or security breach and there is a need to “repair it” immediately in the eyes of customers, government regulators, and management.

Page 11: IDT 2015

Federal Trade Commission - Bureau of Consumer Protection - Division of Consumer & Business Education

New ‘Red Flag’ Requirements for Financial Institutions and Creditors will Help Fight Identity Theft

PG. 2

A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.

Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies.

Where non-profit and government entities defer payment for goods or services, they, too, are to be considered creditors.

A covered account is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions.

A covered account is also an account for which there is a foreseeable risk of identity theft.

Page 12: IDT 2015

Federal Trade Commission - Bureau of Consumer Protection - Division of Consumer & Business Education

PG. 3

Federal Trade Commission

June 2008

For The Consumer

ftc.gov

1-877-FTC-HELP

Complying with the Red Flag Rules

Under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs — or “red flags” — of identity theft.

The program must also describe appropriate responses that would prevent and mitigate the crime…..

The program must be managed by the Board of Directors or senior employees

…include appropriate staff training, and provide for oversight of any service providers.

Page 13: IDT 2015

Privacy and Security Laws

These laws require businesses to:

♦ Appoint, in writing, an Information Security Officer

♦ Develop a written plan and policy to protect non-public information for employees and customers

♦ Hold training for all employees

♦ Oversee service provider arrangements

Be Sure To Check With Your Attorney On How These Laws May Specifically Apply To You

Page 14: IDT 2015

FACTA Red Flag Rules

These rules also provide that covered accounts, creditors and businesses must also ensure their service providers and subcontractors comply and have reasonable policies and procedures in place. The rules state:

♦ Liability follows the data.

♦ A covered entity cannot escape its obligation to comply by outsourcing an activity. Businesses must exercise appropriate and effective oversight of service provider arrangements.

♦ Service providers and contractors must comply by implementing reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft.

♦ Contractors with whom the covered accounts exchange personally identifiable information (PII) are required to comply and have reasonable policies and procedures in place to protect information.

Be Sure To Check With Your Attorney On How This Law May Specifically Apply To You

Page 15: IDT 2015

THANK YOU

Pre-Paid Legal Services®, Inc.

Paul L. Kennedy, CITRMS

Certified Identity Theft Risk Management Specialist