Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Jersey Identity Theft Prevention Act Presented by: Annmarie Simeone.

Similar presentations


Presentation on theme: "New Jersey Identity Theft Prevention Act Presented by: Annmarie Simeone."— Presentation transcript:

1 New Jersey Identity Theft Prevention Act Presented by: Annmarie Simeone

2 What is Identity Theft? In general terms, identity theft is the misappropriation and fraudulent use of a person’s personal or confidential information.In general terms, identity theft is the misappropriation and fraudulent use of a person’s personal or confidential information. Examples of personal, confidential information are: SSN, drivers license number, names, addresses, dates of birth, credit card numbers, PINS, bank account numbers.Examples of personal, confidential information are: SSN, drivers license number, names, addresses, dates of birth, credit card numbers, PINS, bank account numbers.

3 The NJ Act Refers to “Personal Information” and Defines it as: A person’s last name and first name (or initial)A person’s last name and first name (or initial) PLUS – One or more of the following: PLUS – One or more of the following: –social security number –driver’s license number –state identification number –account information related to debit or credit cards, including any password or access codes

4 Personnel Files A Ripe Source For Identity Thieves What is clear is that “personal information” is the type of information contained in a company’s personnel files on its employees, which makes such records, whether maintained in a file folder or electronically, a ripe source for identity thieves.What is clear is that “personal information” is the type of information contained in a company’s personnel files on its employees, which makes such records, whether maintained in a file folder or electronically, a ripe source for identity thieves.

5 The Statistics Better Business Bureau report: 9.3 million Americans subject of identify theft in 2004Better Business Bureau report: 9.3 million Americans subject of identify theft in 2004 “Identity Theft 911” (an independent company providing identity theft services) says NJ residents filed 6,530 identity theft complaints with the Federal Trade Commission in 2003 (up 36% from 2002)“Identity Theft 911” (an independent company providing identity theft services) says NJ residents filed 6,530 identity theft complaints with the Federal Trade Commission in 2003 (up 36% from 2002) Identify Theft Complaints filed with the FTC rose nationally from 162,000 in 2002 to 246,000 in 2004Identify Theft Complaints filed with the FTC rose nationally from 162,000 in 2002 to 246,000 in 2004

6 The Statistics (cont’d) The cost to businesses and banks was recently estimated at $48 billionThe cost to businesses and banks was recently estimated at $48 billion 33% to cover losses due to credit card fraud33% to cover losses due to credit card fraud more than 20% lost to bogus telephone and utility accounts*more than 20% lost to bogus telephone and utility accounts* * NJ Record, November 27, 2005

7 Occurrences Of Identity Theft In The Workplace Sophisticated computer hacking strategies can be used to access employee information.Sophisticated computer hacking strategies can be used to access employee information.HOWEVER, Reports suggest that the overwhelming majority of identity theft incidents in the workplace occur through simpler, unsophisticated means such as copying of personnel files from an unlocked file room or through an employee’s downloading confidential information from a company’s network.Reports suggest that the overwhelming majority of identity theft incidents in the workplace occur through simpler, unsophisticated means such as copying of personnel files from an unlocked file room or through an employee’s downloading confidential information from a company’s network.

8 Federal Laws Electronic Fund Transfer Act – offers protections for persons using electronic means (such as a debit card) to debit or credit an account.Electronic Fund Transfer Act – offers protections for persons using electronic means (such as a debit card) to debit or credit an account. Fair Credit Reporting Act – requires that a person’s credit record only be provided for legitimate business needsFair Credit Reporting Act – requires that a person’s credit record only be provided for legitimate business needs Health Insurance Portability and Accountability Act (HIPAA) – requires employers to protect confidential medical records which may contain an employee’s identifying informationHealth Insurance Portability and Accountability Act (HIPAA) – requires employers to protect confidential medical records which may contain an employee’s identifying information

9 Federal Laws (cont’d) Identity Theft and Assumption Deterrence Act – makes it a crime to transfer or use another’s personal information with the intent to commit, aid or abet in any unlawful activityIdentity Theft and Assumption Deterrence Act – makes it a crime to transfer or use another’s personal information with the intent to commit, aid or abet in any unlawful activity Fair and Accurate Credit Transactions Act (FACTA) – requires employers to take reasonable measures in disposing of an employee’s credit report obtained as part of the employer’s hiring process. This can also include background checks on applicants which are obtained by the employer regarding the applicants and employees.Fair and Accurate Credit Transactions Act (FACTA) – requires employers to take reasonable measures in disposing of an employee’s credit report obtained as part of the employer’s hiring process. This can also include background checks on applicants which are obtained by the employer regarding the applicants and employees.

10 How is the Goal Achieved? By:By: –restricting a company’s use, retention and destruction of an individual’s personal information –developing notice requirements applicable to employers when personal information is improperly accessed or disclosed, and –establishing a security freeze mechanism for use by individuals Goal of the NJ Act? Prevent new, and mitigate existing, identity theftPrevent new, and mitigate existing, identity theft

11 Who Does the Act Regulate? Any entity conducting business in New JerseyAny entity conducting business in New Jersey – sole proprietorships, partnerships, corporations, associations, and LLCs

12 Who Does the Act Protect? “Consumer” – “an individual;” “customers”: which means individuals who provide personal information to a business. This includes “Consumer” – “an individual;” “customers”: which means individuals who provide personal information to a business. This includes –job applicants, employees, temp staff, consultants, contractors, and agents

13 What Types of Records Are Subject to the Act? Paper and electronic documentsPaper and electronic documents In the workplace, common documents that would include personal information include:In the workplace, common documents that would include personal information include: –job applications –health benefits forms/ID cards –retirement/401k account cards –I-9 Employment Eligibility Verification forms –direct deposit authorization forms

14 How Does the Act Work? Limits Use and Display of Social Security NumbersLimits Use and Display of Social Security Numbers cannot be publicly posted or displayed (in full or any 4 or more consecutive numbers of the SSN) cannot print the SSN on materials to be mailed to individual unless required by law cannot print SSN on cards needed to access products or services provided by the business cannot intentionally communicate or make available to the general public the individual’s SSN cannot require an individual to use SSN to access website unless accompanied by a password.

15 How Does the Act Work? Requires Timely and Complete Destruction of Records Containing “Personal Information”Requires Timely and Complete Destruction of Records Containing “Personal Information” Unreadable Undecipherable Nonreconstructable

16 How Does the Act Work? Imposes Security Breach Notification Requirements on BusinessesImposes Security Breach Notification Requirements on Businesses

17 Security Freeze A consumer can limit access to his/her consumer report by requesting a “security freeze”A consumer can limit access to his/her consumer report by requesting a “security freeze” Definition: a notice placed in a consumer’s consumer report, at the request of the consumer…that prohibits the consumer reporting agency from releasing the report or any information from the report without the express authorization of the consumer. However, the freeze does not prevent a consumer reporting agency from advising a third party that a security freeze is in effect with respect to the consumer report.Definition: a notice placed in a consumer’s consumer report, at the request of the consumer…that prohibits the consumer reporting agency from releasing the report or any information from the report without the express authorization of the consumer. However, the freeze does not prevent a consumer reporting agency from advising a third party that a security freeze is in effect with respect to the consumer report.

18 Security Freeze (cont’d) Request to institute the freeze must be in writing;Request to institute the freeze must be in writing; The credit agency has 5 business days to put the freeze into effect. Within 5 days of placing the freeze, the reporting agency has 5 days to send written confirmation to the consumer, and provide the consumer with a PIN or password to authorize release;The credit agency has 5 business days to put the freeze into effect. Within 5 days of placing the freeze, the reporting agency has 5 days to send written confirmation to the consumer, and provide the consumer with a PIN or password to authorize release; Request to lift freeze – must be in writing and regulations should establish procedures for quickly lifting freeze (within 15 minutes of the request); Currently have 3 days; max. $5 charge to lift freeze.Request to lift freeze – must be in writing and regulations should establish procedures for quickly lifting freeze (within 15 minutes of the request); Currently have 3 days; max. $5 charge to lift freeze.

19 Security Freeze (cont’d) If a third party requests access to a consumer report and is refused because of the freeze, and the consumer refuses to allow access to the third party, the third party may treat the application as incomplete.If a third party requests access to a consumer report and is refused because of the freeze, and the consumer refuses to allow access to the third party, the third party may treat the application as incomplete. The freeze will not apply to certain requesting parties, which are set forth in the Act.The freeze will not apply to certain requesting parties, which are set forth in the Act.

20 Penalties for Non-Compliance Consumer may be entitled to bring an action under the NJ Fair Credit Reporting Act or the NJ Consumer Fraud ActConsumer may be entitled to bring an action under the NJ Fair Credit Reporting Act or the NJ Consumer Fraud Act Private Causes of Action – invasion of privacy; negligencePrivate Causes of Action – invasion of privacy; negligence

21 Regulations

22 Suggestions for Compliance –Employers should update their internal policies and/or employee handbooks to comply with Act; –Establish a policy prohibiting the dissemination of employee personnel files or other files containing personal information;prohibiting the dissemination of employee personnel files or other files containing personal information; outlining the types of confidential information that actually are needed during the hiring process, and expressly forbidding the collection of confidential information that is not really necessaryoutlining the types of confidential information that actually are needed during the hiring process, and expressly forbidding the collection of confidential information that is not really necessary

23 Suggested for Compliance (cont’d) –Establish a confidentiality policy that limits employee access to personal information; –Store hard copies of records in a secure location with limited access (possibly monitored access); –Train employees with access to “personal information” about proper use and handling of the personal information; –Examine current computer system to protect against access to information by unauthorized individuals;

24 Suggestions for Compliance (cont’d) –Employers that store personal information in electronic format should examine their current computer system to protect against access to information by unauthorized individuals; –Implement appropriate software to protect against computer viruses, unauthorized access to a computer’s network, and similar on-line or electronic invasions of electronic data storage; encryption; –Adjust document retention policies; –Define and implement notice procedures in the event of security breach;

25 Suggestions for Compliance (cont’d) –Outsourcing – shredding companies –on-site; off-site; charge by the pound; –Continue compliance with state and federal records retention laws

26 Annmarie Simeone Areas of Practice: Labor and Employment, Commercial Litigation Admitted to Practice in: New Jersey State and Federal Courts Education: J.D., Seton Hall University School of Law St. John’s University, B.A., summa cum laude


Download ppt "New Jersey Identity Theft Prevention Act Presented by: Annmarie Simeone."

Similar presentations


Ads by Google