The Identity Theft Protection Act of 2005 Kim D’Arruda Roy Cooper Attorney General.

Presentation transcript:

The Identity Theft Protection Act of 2005 Kim D’Arruda Roy Cooper Attorney General

ID Theft Protection Act of 2005: Statutory Overview: Social Security Number Protection; Security Freeze; Document Destruction; Security Breach

Social Security Number Protection: Statutes dictate collection of SSNs (by businesses; by government). Practical considerations: Don’t carry your SS card with you; don’t carry a Medicare card with you. Request free credit report.

Security Freeze: What is it? How to place it? How to remove it? What does it cost?

Hypothetical 1: your business is running out of room for old records (some of which contain personal info of employees/customers); you determine which records can be disposed of legally

a) ... there are recycling bins in the parking lot and the recycling is picked up every Friday evening; you place your old files in the recycle bin one Friday at lunch time before heading to the beach/mountains for the weekend...

b) ... you throw the old files into your trash can to be picked up by the cleaning crew that night...

c) ... you decide to take your old files to the landfill and dump them...

Hypothetical 2: an employee of your company took a laptop home and it was stolen out of his car; personal info of more than 1000 customers was on laptop; laptop was password protected; 2 days later, the laptop was retrieved; it doesn’t appear that the information on the laptop was accessed...

Destruction of Personal Information: Reasonable Measures to Protect Information; Responsibility of Document Disposal Company; Exceptions

Security Breach: Number of breaches AG’s Office has been notified about since Dec. 30, 2005? Number of NC residents impacted? 340,972 (**as of 11/14/06 -- only includes breaches/numbers reported to AG’s Office; does not include figures from some breaches such as the VA Admin breach)

Security Breach Stats (**as of 11/14/06 -- only includes breaches/numbers reported to AG’s Office)
Type of Breach | Number | %
Stolen Laptops, Computers & Equip | |
Hackers/Unauthorized Access | |
Release/Display of Info | |
Data Theft by Employee/Contractor | 5 | 8.06%
Lost in Transit | 2 | 3.23%
Phishing | 2 | 3.23%
Total | 62 |

Security Breach Stats (**as of 11/14/06 -- only includes breaches/numbers reported to AG’s Office)
Type of Breach | NC Residents | %
Stolen Laptops, Computers & Equip | 97, |
Hackers/Unauthorized Access | 6, |
Release/Display of Info | 201, |
Data Theft by Employee/Contractor | 7, |
Lost in Transit | 28, |
Phishing | 16 | 0.00%
Total | 340,972 |

Security Breach Stats (**as of 11/14/06 -- only includes breaches/numbers reported to AG’s Office)
Type of Entity | Number | %
Financial Services/Insurance | |
General Business | |
Healthcare | 5 | 8.06%
Government | 3 | 4.84%
Educational | 0 | 0.00%
Total | 62 |

Security Breach: General Provisions; What is a Security Breach?; Who must notify?; Notification Requirements; Additional Notice Requirements

Security Breach = Unauthorized access and acquisition; Unencrypted or unredacted records/data (Encrypted data only constitutes a breach if the confidential process or key is also acquired); Access by an employee in good faith is not a breach as long as the info is used for a legitimate purpose and not further disclosed

Things I Hope I Have Done: Provided information for you to be able to keep your company or organization in compliance with the Act; Informed you of the Act so you can share the information with your coworkers, your friends and family; and last but not least, Provided you with a better understanding of how to protect your own identity

The Identity Theft Protection Act of Kim D’Arruda Assistant Attorney General