The Privacy Symposium – Summer 2007 Identity Theft Resource Center Linda Foley, Founder Presents: Privacy and Identity Theft Case Study © Aug 2007.


Identity Theft Defined

Identity theft occurs when an imposter gains access to personal identifying information and uses it for:
- Credit and loans
- New accounts, check fraud
- Jobs, employment, contracts
- Tenancy and mortgages
- Avoidance of arrest and criminal records

Identity Theft National Impact

- New identity theft cases range between 9 and 15 million cases per year, depending upon the information source
- New cases occur every 3.5 or 2.1 seconds, take your pick!
- Affects the national economy, as fraud loss is either absorbed by the company or passed along to the consumers or taxpayers, thus having a socio-economic impact
- Consumer confidence is shaken by data breaches and identity theft
- Identity theft ranks as one of the top 5 fears among consumers
- Identity theft is a matter of national security
- Who benefits from this situation?

Business and Privacy

- The cost to business for data breaches and identity theft continues to rise at an ever-increasing rate
- Old formula: Cost of fraud loss write-off vs. remediation
- New formula: Cost of fraud loss write-off vs. direct incremental costs, lost productivity, customer confidence, lost customers, negative publicity, fines, lawsuits, cy pres awards, investigation and victim remediation*
- Largest breach cost is customer turnover; the cost to brand and corporate reputation can be the most long-lasting effect
- When the pain of the situation is greater than the pain of the solution, we will change
- It’s Time to Change!

*Ponemon Institute

Business and Privacy

- ITRC Breach Data as of 7/10/07: 193 breaches affecting 87,941,305 individual records
  – Financial Institutions: ~7% of breaches and ~11% of total records
  – Business: ~20% of breaches and ~79% of total records
  – Education: ~31% of breaches and only ~1% of records
  – Government: ~26% of breaches and ~6% of records
  – Medical/Healthcare: 15% of breaches and ~4% of records
- Financial institutions and Medical/Healthcare have a relatively small percentage of breaches and records exposed, despite handling a high volume of records

Business and Privacy

- Financial and Medical institutions appear to have had better data protection over the past several years
  – Myriad compliance requirements and regulations to ensure that they protect consumer financial information
  – Security and confidentiality of customer information is mandated
  – Audits for security and confidentiality are continuous and ongoing
- Business, Government, and Education appear to have increasing problems with data exposure
  – Increasing media and public awareness of the possible impact of breaches leading to identity theft
  – Relationship between breaches and identity theft is not completely identified, but consumers perceive a strong connection between the two
- Is Regulation the only answer?

Victim Impact

The ITRC has spent years studying and assessing identity theft and its impact on victims. Through its own studies and victim assistance, the ITRC has realized that identity theft not only has a financial effect on its victims, it also has an emotional impact that may last for years.

Areas of Impact on Victim

- Financial
  – Loss of employment and tenancy
  – Inability to gain employment, tenancy or mortgages
  – Inability to obtain credit, loans (including financial aid)
- Emotional and Psychological
  – Ranging from anger and distress to severe clinical depression
  – Stress on marriage and family
  – Exacerbate existing medical conditions
- Inability to pursue life goals or career
  – Furthering of educational aspirations
  – Furthering your career aspirations
  – Achieving personal dreams

Case Study – Actual Victim

- The victim’s employee information was exposed by her employer by not practicing safe information handling – folders left out on the desk, picked up by another employee
- The employee file included all of the victim’s personal identifying information (PII)
- The information was used to bring an illegal immigrant into the United States

Case Study – Details

- On-going use of information by her impostor to: obtain 43 lines of credit (more than $200,000), commit criminal acts, gain employment, receive welfare, receive fraudulent IRS tax returns, as well as get married and have children using the victim’s identity
- This case was multi-jurisdictional, causing law enforcement not to investigate due to difficulty and cost of investigation
- The end result: this victim had to change her name, social security number and all of her personal information. To this day, more than 12 years later, the impostor continues to use victim’s information.

Case Study – Negative Business Response

- Failure to authenticate and verify identity of applicant
- Failure to follow fraud alerts and consumer statements by numerous businesses and retailers
- Failure to clear fraudulent accounts and/or provide letters of clearance causing many fraudulent accounts to go to collection
- Failure to file charges against the impostor due to “cost” of investigation and attorney’s fees
- Many of the same businesses continued to open new fraudulent accounts despite the closure of other fraudulent accounts at that same business and the annotation as “identity theft”

Case Study – Positive Business Response

- A handful of companies did observe the fraud alert and consumer statement
  – Contacted victim and confirmed new applications
  – Denied new fraudulent applications
- Two companies provided application and transaction information to assist in victim’s own investigation
  – Information was critical for the victim to clear herself
- Some companies did provide letters of clearance and ceased collection action
  – Letters of Clearance reaffirm victim’s innocence in future transactions
- One company filed police report against impostor
  – Victim readily advertises this company as superior

Why Fight Identity Theft?

- Increase consumer loyalty and trust
- Increase in consumer respect
- Increase in customer retention
- Improve employee productivity
- Minimize financial losses
- Avoid negative publicity

New Organizational Philosophy – Prevention

- Create an organizational ethic where all employees realize the importance of protecting personal information
- Use best practices in information handling:
  – Authentication and Verification
  – Protection of all PII (Personal Identifying Information)
  – Limit access to PII by employees on a need-to-know basis
  – Proper disposal of sensitive documents and electronic data
- Commit to writing the policy on PII protection and advertise this policy to customers
- Strict observation of fraud alerts from the CRAs

New Organizational Philosophy – Victim Mitigation

- Have a written protocol for handling of identity theft cases
  – Enhanced training for those who first encounter victims
  – Elevate victims to ombudsman trained for identity theft cases
- Provide documents and information so that victim can file a fraud affidavit with your organization
- Provide victim with transaction details and credit application information, so that victim can proceed with mitigation
- When fraud is determined, provide letter of clearance and stop all collection action against victim
- Support law enforcement efforts in investigating the identity theft case

New Organizational Philosophy – Data Breaches

- Data Breaches are not an “IF”, they are a “When”
- Organizational responsibility is minimized when adequate steps have been taken to protect the information
- Law enforcement must be notified when you suspect a data breach of PII
- Prepare a comprehensive, intelligent, and timely breach notification for the affected parties
  – A bad notification is worse than no notification
  – Not communicating is unacceptable
  – Lack of timely information will create panic – media will speculate
- Have a prepared “response team” to handle affected parties, media and other inquiries regarding the breach

The Bottom Line

- Preparation and response to fraud losses have a cost.
- The loss of your organization’s reputation will be much more costly.
- How will the court of public opinion measure your organization?

Contact Information

Identity Theft Resource Center (858)

Questions