Driver’s License IDentity Theft

Thieves use my information to acquire a driver’s license in my name or claim to be me during a traffic stop

• I could receive DWI, DUI, and other driving-related charges
• My driving privileges could be suspended or revoked
• I could be arrested during a routine traffic stop for crimes you did not commit

 An 82-year-old grandmother, quit driving during the Truman administration. In 2001 she “suddenly found herself in what she describes as a ‘living hell’ after one of her neighbors, arrested on drunk-driving charges...pretended to be her. ‘I was told there were warrants for my arrest...I was afraid to answer the phone’.
AARP Bulletin, February 2004

Social Security (SSN) IDentity Theft

Thieves use my SSN IDentity to gain employment or to report income under my name

• Thieves take the income, but don't pay the taxes, leaving me with the bill
• Wanted criminals use my SSN IDentity so they can get employment without being found
• Illegal immigrants use my SSN IDentity to gain employment.
• Thieves and Criminals use my SSN for employment, medical, financial, criminal, school, and other purposes.

The Secret List of ID Theft Victims
A Chicago woman applied for a job at a local Target department store and was denied. The reason? She already worked there – or rather, her Social Security number already worked there. Follow-up investigation revealed the same Social Security Number … used to obtain work at 37 other employers.

 “People need to wake up to this problem. They are destroying people’s credit, Social Security benefits, and everything else.”
MSNBC, January 29, 2005

Medical IDentity Theft

Thieves use your information for insurance benefits, R_x, Medicare, Medicaid benefits, or for medical tests

• My rates could go up or my coverage could be canceled or used up
• I could owe thousands of dollars for a procedure I never had
• I could be unable to obtain medical or life insurance, other coverage, and/or employment because of conditions that I do not have (AIDS, Diabetes etc…)

 “If the person who steals your health identity has allergies or specific medical conditions that collide with yours for instance … when you go in for care, you may experience a dangerous drug interaction or unknowingly be denied potentially lifesaving medications or treatments because they will assume the thief’s medical information is yours.”
Carole Pennington 9/7/2005

Medical IDentity Theft: The information crime that can kill you

“As the health care system transitions from paper-based to electronic, this crime may become easier to commit and harder to trace. Victims may find it more difficult to recover from medical identity theft as medical errors are disseminated and redisseminated through computer networks and other medical information-sharing pathways.”   World Privacy Forum, May 2006

Character / Criminalinancial IDentity Theft

Thieves mask their criminal activity behind my identity

• I could be arrested
• I could be denied employment because of fraudulent criminal records found during routine background checks
• Security checkpoints at airports could become a nightmare for me
• I could be denied a passport and be barred from leaving the country

[story here]

Financial IDentity Theft

Thieves use my information to open new accounts or to gain access to existing accounts

• Thieves rob my accounts
• They rack up outrageous charges on credit cards, take out new loans, and more
• They destroy my credit, forcing me to pay higher rates
• I can absolutely be held responsible for the debts incurred by the thieves in my name

 Each year, 7 to 10 million Americans fall prey to IDentity Theft… From massive data-brokerage firms to tiny local banks, your identity is irretrievably ‘out there.’ - MSNBC

ID Fraudsters Stay One Step Ahead
IDentity thieves are increasingly finding their jackpot is not in your mailbox or kitchen trash bag, but the computer files stored at your chiropractor, accountant or doctor … the future is not burglaries of your home, but of dentists, CPA’s, insurers etc...
MarketWatch, October 2, 2005

Business IDentity Theft Information Center

• CONCERNING: Federal legislation (and a multitude of state laws)
• AFFECTED: 100% of businesses owners who deal with customer and employee information
• UNAWARE: 87% of all business owners are not aware that these laws affect them
• TIMELINE: EFFECTIVE IMMEDIATELY
• CONSEQUENCES: Business closures, major fines/penalties - up to $1,000,000, criminal and
   civil litigation, jail time

As a business owner, HR director, or compliance officer you know there are laws every business must follow.
However, a recent survey showed only 13% of business owners recognized the term “FACTA”.
That could mean that 87% of all business owners aren't aware of FACTA.

• FACTA is federal legislation that went into effect June 2005
• FACTA can shut down your business whether you have two or two thousand employees
• FACTA provides a major fine to your and your business by the FTC for non compliance
• FACTA provides a way for lawyers to open litigation against your business on behalf of customers or employees

FACTA is only one piece if legislation that affects you business. There are others:

HIPPA security rules

Gramm, Leach, Bliley (GLB) Safeguard Rules

Numerous individual state rules
(such as the Texas Whistle Blower Statute)

TAKING NO ACTION COULD COST YOUR BUSINESS, or YOU PERSONALLY,
UP TO $1,000,000 IN FINES AND UP TO 10 YEARS IN PRISON

These laws (and civil and criminal penalties if necessary) apply to any business (large or small) that collects personal information about customers or employees (including credit card numbers, birthdates, home address, and more.)

You must make critical decisions about your business.
 

 Does your business comply?
Most business owners want to take action after they learn the requirements and potential consequences
But many don't know where to start

The July/August 2006 issue of "Corporate Board Member" ask and answers the question,
"Who will class-action lawyers go after next?"
Unfortunately, any company which has access to personal data about customer and employees may be targeted. "This applies to just about everybody, but with concerns about identity theft zooming, any company that accidentally discloses data protected by privacy laws run the risk of litigation."

According to CIO Magazine, if you experience a security breach:
 

20% of your affected customer base will no longer do business with you
40% will consider ending the relationship
5% will be hiring lawyers
When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim
The Coming Pandemic, Michael Freidberg, May 15, 2006

Important Legislation

• F.A.C.T.A.
• HIPAA Security Rule
• Gramm, Leach, Bliley Safeguard Rule
• Individual State Laws
  (i.e. Texas Whistle Blower Statute)

Be Sure To Check With Your Attorney On How These Laws May Specifically Apply To You

Fair and Accurate Credit Transactions Act (FACTA)
Applies To Every Business And Individual Who Maintains, Or Otherwise Possesses, Consumer Information For A Business Purpose.

Employee or Customer information lost under the wrong set of circumstances may result in:

Federal and State Fines of $2500 per occurrence
Civil Liability of $1000 per occurrence
Class action Lawsuits with no statutory limitation
Responsible for actual losses of Individual ($92,893 Avg.)

Gramm, Leach, Bliley Safeguard Rule
Eight Federal Agencies and any State can enforce this law

Applies To Any Organization That Maintains Personal Financial Information Regarding It’s Clients Or Customers

Non-Public Personal Information (NPPI) lost under the wrong set of circumstances may result in:

Fines up to $1,000,000 per occurrence
Up to 10 Years Jail Time for Executives
Removal of management
Executives within an organization can be held accountable for non-compliance both civilly and criminally

Organizations Includes:
Financial Institutions, Schools, Credit Card Firms, Insurance Companies, Lenders, Brokers, Car Dealers, Accountants, Financial Planners, Real Estate Agents

The FTC categorizes an impressive list of businesses as financial institutions and these so-called “non-bank” businesses comprise a huge array of firms that may be unaware they are subject to GLB.

HIPAA Security Rule
April 21, 2005 - Scope broadened on April 21, 2006
Applies To Any Organization Or Individuals Who Retain Or Collect Health Information.

Medical information lost under the wrong set of circumstances may result in:
 

Fines up to $250,000 per occurrence
Up to 10 Years Jail Time for Executives
 

Requires:

Appointment of an Information Security Officer
Have a written policy to protect NPPI
Mandatory Training for employees who have access to NPPI

To help you, a No-Cost program exists for your company ...

May Reduce Company Losses
Offer a plan that offers full restoration, which means the majority of the time in restoring an employee’s identity is covered by the membership and not done on company time and/or company expense. Also, offer a legal service plan help that address related issues.

Potential Early Warning System
If a number of your employees get notified of improper usage of their identities, this may act as an early warning system to your company of a possible internal breach.

BLR says this “Provides an Affirmative Defense for the company.”
“One solution that provides an affirmative defense against potential fines, fees, and lawsuits is to offer some sort of identity theft protection as an employee benefit. An employer can choose whether or not to pay for this benefit. The key is to make the protection available, and have a mandatory employee meeting on identity theft and the protection you are making available, similar to what most employers do for health insurance … Greg Roderick, CEO of Frontier Management, says that his employees "feel like the company's valuing them more, and it's very personal."
Business and Legal Reports, January 19, 2006

Mitigating Damages
To potentially protect yourself, you could have all employees sign this document
It makes employees aware of their legal responsibilities to protect NPI
It serves as proof that handlers of NPI have been through some the mandatory training required by law

Employee Confidentiality Document
Acts as a Good Faith step in attempting to comply with FACTA, GLB, HIPAA, etc … According to Betsy Broder of the FTC, “We will act against businesses that fail to protect their data … She understands that most small businesses cannot be expected to hire a full time privacy specialists but adds that all businesses must be able to show they have a security plan in place. “We're not looking for a perfect system .. But we need to see that you've taken reasonable steps to protect your customer’s information”.

* Subject To Terms And Conditions

Action Steps...

1. Get a firm understanding of the Important Legislation you learned about today. A great site with a tremendous amount of information is the FTC PUBS index:

F.A.C.T.A: www.ftc.gov/os/2004/11/041118disposalfrn.pdf
HIPAA: www.hipaa.org
Gramm-Leach-Bliley Act: www.ftc.gov/os/2002/05/67fr36585.pdf
Two great resources for white papers: www.omnirim.com www.recall.com

Be Sure To Check With Your Attorney On How This Law May Specifically Apply To You

2. Based on provisions in HIPAA and Gramm-Leach-Bliley, appoint an Information Security Officer.

3. Set an appointment before you leave so that you have dual records that “Good Faith” measures are in process. Confirm in writing and keep and copy when you get back to office for your protection.

4. Review Employee Confidentiality Form and everything else you have questions on with your counsel.

DISCLAIMER:
The laws discussed in this presentation are, like most laws, constantly amended and interpreted through legal and social challenges.
You are encouraged to review the laws and draw your own conclusions through independent research.
The information provided is not to be taken as legal advice.

[MyNameHasBeenStolen]

 Web site design by TalkTodayNet