Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Privacy Symposium – Summer 2007 Identity Theft Resource Center Linda Foley, Founder Presents: Privacy and Identity Theft Case Study © Aug 2007.

Published byChrystal Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "The Privacy Symposium – Summer 2007 Identity Theft Resource Center Linda Foley, Founder Presents: Privacy and Identity Theft Case Study © Aug 2007."— Presentation transcript:

1 The Privacy Symposium – Summer 2007 Identity Theft Resource Center Linda Foley, Founder Presents: Privacy and Identity Theft Case Study © Aug 2007

2 The Privacy Symposium – Summer 2007 Identity Theft Defined Identity theft occurs when an imposter gains access to personal identifying information and uses it for: Credit and loans New accounts, check fraud Jobs, employment, contracts Tenancy and mortgages Avoidance of arrest and criminal records

3 The Privacy Symposium – Summer 2007 Identity Theft National Impact New identity theft cases range between 9 and 15 million cases per year, depending upon the information source New cases occur every 3.5 or 2.1 seconds, take your pick! Affects the national economy, as fraud loss is either absorbed by the company or passed along to the consumers or taxpayers, thus having a socio-economic impact Consumer confidence is shaken by data breaches and identity theft Identity theft ranks as one of the top 5 fears among consumers Identity theft is a matter of national security Who benefits from this situation?

4 The Privacy Symposium – Summer 2007 Business and Privacy The cost to business for data breaches and identity theft continues to rise at an ever increasing rate Old formula: Cost of fraud loss write-off vs. remediation New formula: Cost of fraud loss write-off vs. direct incremental costs, lost productivity, customer confidence, lost customers, negative publicity, fines, lawsuits, cy pres awards, investigation and victim remediation* Largest breach cost is customer turnover; The cost to brand and corporate reputation can be the most long lasting effect When the pain of the situation is greater than the pain of the solution, we will change It’s Time to Change! *Ponemon Institute

5 The Privacy Symposium – Summer 2007 Business and Privacy ITRC Breach Data as of 7/10/07: 193 breaches affecting 87,941,305 individual records –Financial Institutions: ~7% of breaches and ~11% of total records –Business: ~20% of breaches and ~79% of total records –Education: ~31% of breaches and only ~1% of records –Government: ~26% of breaches and ~6% of records –Medical/Healthcare: 15% of breaches and ~4% of records Financial institutions and Medical/Healthcare have relatively small percentage of breaches and records exposed, despite handling a high volume of records

6 The Privacy Symposium – Summer 2007 Business and Privacy Financial and Medical institutions appear to have had better data protection over the past several years –Myriad compliance requirements and regulations to ensure that they protect consumer financial information –Security and confidentiality of customer information is mandated –Audits for security and confidentiality are continuous and ongoing Business, Government, and Education appear to have increasing problems with data exposure –Increasing media and public awareness of the possible impact of breaches leading to identity theft –Relationship between breaches and identity theft is not completely identified, but consumers perceive a strong connection between the two Is Regulation the only answer?

7 The Privacy Symposium – Summer 2007 Victim Impact The ITRC has spent years studying and assessing identity theft and its impact on victims. Through its own studies and victim assistance, the ITRC has realized that identity theft not only has a financial effect on its victims, it also has an emotional impact that may last for years.

8 The Privacy Symposium – Summer 2007 Areas of Impact on Victim Financial –Loss of employment and tenancy –Inability to gain employment, tenancy or mortgages –Inability to obtain credit, loans (including financial aid) Emotional and Psychological –Ranging from anger and distress to severe clinical depression –Stress on marriage and family –Exacerbate existing medical conditions Inability to pursue life goals or career –Furthering of educational aspirations –Furthering your career aspirations –Achieving personal dreams

9 The Privacy Symposium – Summer 2007 Case Study – Actual Victim The victim’s employee information was exposed by her employer by not practicing safe information handling – folders left out on the desk, picked up by another employee The employee file included all of the victim’s personal identifying information (PII) The information was used to bring an illegal immigrant into the United States

10 The Privacy Symposium – Summer 2007 Case Study – Details On-going use of information by her impostor to: obtain 43 lines of credit (more than $200,000), commit criminal acts, gain employment, receive welfare, receive fraudulent IRS tax returns, as well as get married and have children using the victim’s identity This case was multi-jurisdictional, causing law enforcement not to investigate due to difficulty and cost of investigation The end result: this victim had to change her name, social security number and all of her personal information. To this day, more than 12 years later, the impostor continues to use victim’s information.

11 The Privacy Symposium – Summer 2007 Case Study - Negative Business Response Failure to authenticate and verify identity of applicant Failure to follow fraud alerts and consumer statements by numerous businesses and retailers Failure to clear fraudulent accounts and/or provide letters of clearance causing many fraudulent accounts to go to collection Failure to file charges against the impostor due to “cost” of investigation and attorney’s fees Many of the same businesses continued to open new fraudulent accounts despite the closure of other fraudulent accounts at that same business and the annotation as “identity theft”

12 The Privacy Symposium – Summer 2007 Case Study – Positive Business Response A handful of companies did observe the fraud alert and consumer statement –Contacted victim and confirmed new applications –Denied new fraudulent applications Two companies provided application and transaction information to assist in victim’s own investigation –Information was critical for the victim to clear herself Some companies did provide letters of clearance and ceased collection action –Letters of Clearance reaffirm victim’s innocence in future transactions One company filed police report against impostor –Victim readily advertises this company as superior

13 The Privacy Symposium – Summer 2007 Why Fight Identity Theft ? Increase consumer loyalty and trust Increase in consumer respect Increase in customer retention Improve employee productivity Minimize financial losses Avoid negative publicity

14 The Privacy Symposium – Summer 2007 Create an organizational ethic where all employees realize the importance of protecting personal information Use best practices in information handling: –Authentication and Verification –Protection of all PII (Personal Identifying Information) –Limit access to PII by employees on a need to know basis –Proper disposal of sensitive documents and electronic data Commit to writing the policy on PII protection and advertise this policy to customers Strict observation of fraud alerts from the CRA’s New Organizational Philosophy - Prevention

15 The Privacy Symposium – Summer 2007 New Organizational Philosophy – Victim Mitigation Have a written protocol for handling of identity theft cases –Enhanced training for those who first encounter victims –Elevate victims to ombudsman trained for identity theft cases Provide documents and information so that victim can file a fraud affidavit with your organization Provide victim with transaction details and credit application information, so that victim can proceed with mitigation When fraud is determined, provide letter of clearance and stop all collection action against victim Support law enforcement efforts in investigating the identity theft case

16 The Privacy Symposium – Summer 2007 New Organizational Philosophy – Data Breaches Data Breaches are not an “IF”, they are a “When” Organizational responsibility is minimized when adequate steps have been taken to protect the information Law enforcement must be notified when you suspect a data breach of PII Prepare a comprehensive, intelligent, and timely breach notification for the affected parties –A bad notification is worse than no notification –Not communicating is unacceptable –Lack of timely information will create panic – media will speculate Have a prepared “response team” to handle affected parties, media and other inquiries regarding the breach

17 The Privacy Symposium – Summer 2007 The Bottom Line Preparation and response to fraud losses have a cost. The loss of your organization’s reputation will be much more costly. How will the court of public opinion measure your organization?

18 The Privacy Symposium – Summer 2007 Contact Information Identity Theft Resource Center (858) 693-7935 www.idtheftcenter.org

19 The Privacy Symposium – Summer 2007 Questions

Download ppt "The Privacy Symposium – Summer 2007 Identity Theft Resource Center Linda Foley, Founder Presents: Privacy and Identity Theft Case Study © Aug 2007."

Similar presentations

Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
Identity Theft …It could be you But This Presentation is by me, Michelle Richards.

Identity Theft …It could be you But This Presentation is by me, Michelle Richards.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Paychecks and Tax Forms. Where Does My Money Go? Almost 31% of an individual’s paycheck is deducted  Taxes are the largest expense most individuals will.

Paychecks and Tax Forms. Where Does My Money Go? Almost 31% of an individual’s paycheck is deducted  Taxes are the largest expense most individuals will.
Identity Fraud Prevention 1 Copyright Identity Management Institute®

Identity Fraud Prevention 1 Copyright Identity Management Institute®
Deter, Detect, Defend: The FTC’s Program on Identity Theft.

Deter, Detect, Defend: The FTC’s Program on Identity Theft.
A ID Theft & ACCOUNT FRAUD Welcome to MoneyWI$E A CONSUMER ACTION AND CAPITAL ONE PARTNERSHIP Prevention & Cleanup © 2012.

A ID Theft & ACCOUNT FRAUD Welcome to MoneyWI$E A CONSUMER ACTION AND CAPITAL ONE PARTNERSHIP Prevention & Cleanup © 2012.
RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.

RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.
Consumer Action: Presentation Skills & Games.  To gain knowledge or a skill they need.  To better manage changes in their lives.  To keep up with changes.

Consumer Action: Presentation Skills & Games.  To gain knowledge or a skill they need.  To better manage changes in their lives.  To keep up with changes.
Identity Theft By: Tory Childs, Lucas Doyle, Kaitlyn Davidson, Trevor Godwin and Chad Sponseller.

Identity Theft By: Tory Childs, Lucas Doyle, Kaitlyn Davidson, Trevor Godwin and Chad Sponseller.
© Chery F. Kendrick & Kendrick Technical Services.

© Chery F. Kendrick & Kendrick Technical Services.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Employment Screening: CORI and Private Background Checks Presented by the Massachusetts Law Reform Institute 99 Chauncy St., Suite 500, Boston, MA 02111.

Employment Screening: CORI and Private Background Checks Presented by the Massachusetts Law Reform Institute 99 Chauncy St., Suite 500, Boston, MA
© Copyright 2012 Pearson Education. All Rights Reserved. Chapter 10 Fraud & Internal Control ACCOUNTING INFORMATION SYSTEMS The Crossroads of Accounting.

© Copyright 2012 Pearson Education. All Rights Reserved. Chapter 10 Fraud & Internal Control ACCOUNTING INFORMATION SYSTEMS The Crossroads of Accounting.

Similar presentations

Ads by Google