idt 2015
IDENTITY THEFT 2015 Fact, Fiction and Safeguards...
Welcome to…
Presented by
Paul L. Kennedy
Certified Identity Theft
Risk Management Specialist
For yesterday, today and tomorrow….. We can help solve your problems
“Identity theft is the only crime where you are Guilty Until Proven Innocent”
Five Common Types of Identity Theft
• Drivers License Identity Theft
• Medical Identity Theft
• Financial Identity Theft
• Social Security Identity Theft
• Character / Criminal Identity Theft
Identity Theft is not just Credit Cards!
ID Theft is an international crime and access to an attorney may be critical...
What is Identity Theft?
Jan 2005 - December 2014: 923,729,111* records lost or stolen in the workplace (reported cases only)
*privacyrights.org
Alberta Venture (Business Journal) 10/2005
They’re not after your money, your equipment, or your inventory. The Identity Thief wants the personal information you keep on employees, customers & vendors. And if you lose it, you’ll wish they went for the cash.
Employees can need up to 600 hours, mainly during business hours, to restore their identities
“If you experience a security breach... 20% of your customers will no longer do business with you, 40% will consider not doing business with you and 5% will be hiring lawyers!”
Needless to say… referrals will come to a screeching halt
The Cost of Identity Theft
*CIO Magazine, The Coming Pandemic, Michael Freidenberg, May 15th, 2006
An Overview of FACTA:
• FACTA was signed by President Bush on December 4, 2003.
• The provisions of the law have been phased in over the past few years, and all are now in effect.
However, these new provisions also create serious new responsibilities – and potential liabilities – for businesses nationwide. Simply put, if data aiding an identity theft originates from a security breach at your company, you could be sued, fined, or become a defendant in a class-action lawsuit by affected employees whose personal information has somehow gotten out.
The High Cost of Identity Theft to Business
• Civil liability. An employee could be entitled to recover actual damages sustained if their identity is stolen from an employer. Or, an employer could be liable for statutory damages for up to $1,000 per employee.
• Class action lawsuits. If large numbers of employees are impacted, they may be able to bring class action suits and obtain punitive damages from employers.
• Federal fines. The federal government could fine a covered business up to $2,500 for each violation.
This law applies to any business, regardless of size, that collects personal information or consumer reports about customers or employees to make decisions within their business (including names, credit card numbers, birthdates, home addresses and more).
Who Does FACTA Affect?
Now What? It’s Time to Develop a Plan!
According to the FTC, a “reasonable” plan to safeguard personal information includes:
• Designating an employee (or employees) to coordinate and be responsible for the security program.
• …..including employee training….
• Continually evaluating and adjusting the security plan…..
• Creating a mitigation plan….. This mitigation plan should kick in when there is a privacy or security breach and there is a need to “repair it” immediately in the eyes of customers, government regulators, and management.
Federal Trade Commission - Bureau of Consumer Protection - Division of Consumer & Business Education
New ‘Red Flag’ Requirements for Financial Institutions and Creditors will Help Fight Identity Theft
A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.
Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies.
Where non-profit and government entities defer payment for goods or services, they, too, are to be considered creditors.
A covered account is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions.
A covered account is also an account for which there is a foreseeable risk of identity theft.
Federal Trade Commission
June 2008
For The Consumer
ftc.gov
1-877-FTC-HELP
Complying with the Red Flag Rules
Under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs — or “red flags” — of identity theft.
The program must also describe appropriate responses that would prevent and mitigate the crime…..
The program must be managed by the Board of Directors or senior employees
…include appropriate staff training, and provide for oversight of any service providers.
These laws require businesses to:
♦ Appoint, in writing, an Information Security Officer
♦ Develop a written plan and policy to protect non-public information for employees and customers
♦ Hold training for all employees
♦ Oversee service provider arrangements
Privacy and Security Laws
Be Sure To Check With Your Attorney On How These Laws May Specifically Apply To You
These rules also provide that covered accounts, creditors and businesses must also ensure their service providers and subcontractors comply and have reasonable policies and procedures in place. The rules state:
♦ Liability follows the data.
♦ A covered entity cannot escape its obligation to comply by outsourcing an activity. Businesses must exercise appropriate and effective oversight of service provider arrangements.
♦ Service providers and contractors must comply by implementing reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft.
♦ Contractors with whom the covered accounts exchange personally identifiable information (PII) are required to comply and have reasonable policies and procedures in place to protect information.
Be Sure To Check With Your Attorney On How This Law May Specifically Apply To You
FACTA Red Flag Rules
THANK YOU
Pre-Paid Legal Services®, Inc.
Paul L. Kennedy, CITRMS
Certified Identity Theft Risk Management Specialist