Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Published byMoris Fleming Modified over 9 years ago

Similar presentations

Presentation on theme: "Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection."— Presentation transcript:

1 Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection

2 2 Outline of Presentation Office of Privacy Protection CA Law on Notification of Security Breach (SB 1386) CA ID Theft Laws and FACTA

3 3 Office of Privacy Protection Mission Promote and protect the privacy interests of individuals in a manner consistent with the California Constitution. Identify consumer privacy problems and facilitate development of fair information practices.

4 4 Office of Privacy Protection Functions Offer assistance to consumers Provide information & education Coordinate with law enforcement Recommend best practices to protect individual privacy

5 5 Why People Contact OPP

6 6 The CA Constitution & Federal Preemption California Constitution, Article 3, § 3.5: An administrative agency…has no power… (c) To declare a statute unenforceable, or to refuse to enforce a statute on the basis that federal law or federal regulations prohibit the enforcement of such statute unless an appellate court has made a determination that the enforcement of such statute is prohibited by federal law or federal regulations.

7 7 CA Identity Theft & Data Protection Laws in FACTA Blocking of ID theft info in credit files CA Civil Code §§ 1785.16(k), 1785.16.1, 1785.16.3,1785.20.3(b) — FCRA § 605B Victim access to documents on fraudulent accounts CA Penal Code § 530.8 — FCRA § 609(e) Credit card number truncation CA Civil Code § 1747.9 — FCRA § 605(g) Destruction of customer records CA Civil Code § 1798.81 — FCRA § 628

8 8 CA Identity Theft Laws Not in FACTA Right of victim to get police report CA Penal Code § 530.6 Rights of “criminal ID theft” victim CA Penal Code §§ 530.6- 530.7 Right of victim to bring action vs. claimant CA Civil Code § 1798.93 Right of victim to 12 free credit reports in year CA Civil Code § 1785.15.3(b) Right to freeze credit files CA Civil Code § 1785.11.2 et seq. Burden of proof on debt collector in ID theft CA Civil Code § 1788.18

9 9 CA Data Protection Laws Not in FACTA Ban on public display of SSNs CA Civil Code § 1798.85 et seq. Ban on recording personal info on credit card transactions CA Civil Code § 1747.8 Ban on recording credit card # on checks CA Civil Code § 1725 Limits on use of personal info swiped from DL CA Civil Code § 1798.90 Secure mailing of “convenience checks” CA Financial Code § 22342(d) Requirement to notify of security breach CA Civil Code §§ 1798.29, 1798.82 et seq.

10 10 Contacts on ID Theft & Security Breaches thru 4/14/04

11 11 CA Notice of Security Breach Law Applies to person, company, state agency Must notify people “in the most expedient time possible and without unreasonable delay” if personal information is acquired by unauthorized person Civil Code §§ 1798.29, 1798.82 & 1798.84

12 12 Notice of Security Breach Law Applies to unencrypted, computerized data including personal info Personal info defined: First name or initial and last name, plus SSN, DL#, or financial account number and any PW. Time allowed for internal analysis to determine scope, and law enforcement investigation

13 13 Notice of Security Breach Law Notice may be: Written, or Electronic, or Substitute if >$250,000 or >500,000 people Substitute notice must be all of: Email when agency has addresses Web site posting Major statewide media

14 14 The Notification Test 1. Was there a "breach of the security" of the data as defined? 2. Does the data include “personal information" as defined? 3. Does that "personal information" relate to a California resident? 4. Was the "personal information" unencrypted? 5. Was the "personal information" acquired, or reasonably believed to have been acquired, by an unauthorized person?

15 15 Examples of Incidents Hacking into server containing file w/ names & SSNs Stolen computers w/ names & SSNs Documents containing names & SSNs mailed to wrong people Server hijacked for use as relay to download music or to send spam (server has files with names, SSNs, etc.)

16 16 Best Practices Document “Recommended Practices on Notification of Security Breach Involving Personal Information” Protection & Prevention Preparation for Notification Notification (with sample letters) Available on Web site on Recommended Practices page

17 CFP, April 23, 2004 Contact Information Joanne McNabb, Chief 400 R Street, Suite 3080 Sacramento, CA 95814 916-322-4420 joanne_mcnabb@dca.ca.gov www.privacy.ca.gov

Download ppt "Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection."

Similar presentations

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.

Secure IT 2005 Panel Discussion Felecia Vlahos, SDSU Sally Brainerd, UCSD Brooke Banks, CSU Chico.
Identity Theft If you are a victim of identity theft, take the following four steps as soon as possible!

Identity Theft If you are a victim of identity theft, take the following four steps as soon as possible!
Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
IAPP Seminar, June 11, 20041 CA Privacy Law: Resources & Protections Dana F. Winterrowd, Staff Counsel California Department of Consumer Affairs.

IAPP Seminar, June 11, CA Privacy Law: Resources & Protections Dana F. Winterrowd, Staff Counsel California Department of Consumer Affairs.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
MoneyWi$e: ID THEFT & ACCOUNT FRAUD ID Theft & Account Fraud Prevention and Clean Up.

MoneyWi$e: ID THEFT & ACCOUNT FRAUD ID Theft & Account Fraud Prevention and Clean Up.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference Joan Wilson Asst Attorney General State of Alaska

A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference Joan Wilson Asst Attorney General State of Alaska
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
Presented by: Roberta Ward CDHS Privacy Officer Phone: (916) 440-7750 www.dhs.ca.gov/privacyoffice.

Presented by: Roberta Ward CDHS Privacy Officer Phone: (916)
Privacy (or Data) Breaches - Examples South Carolina Department of Revenue Hackers got into the SCDOR’s computers, and stole information on up to 3.2 Million.

Privacy (or Data) Breaches - Examples South Carolina Department of Revenue Hackers got into the SCDOR’s computers, and stole information on up to 3.2 Million.
1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?

1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?
Deter, Detect, Defend: The FTC’s Program on Identity Theft.

Deter, Detect, Defend: The FTC’s Program on Identity Theft.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.

National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.
The Identity Theft Protection Act of 2005 Kim D’Arruda Roy Cooper Attorney General.

The Identity Theft Protection Act of 2005 Kim D’Arruda Roy Cooper Attorney General.
Consumer Privacy & Protection Joanna Acocella May 22, 2007.

Consumer Privacy & Protection Joanna Acocella May 22, 2007.

Similar presentations

Ads by Google