Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007.

Published byMilton Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007."— Presentation transcript:

1 The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007

2 The Privacy Symposium – Summer 2008 Points of Discussion Current Breach Statistics Self Assessment Pre-Breach During Breach Post-Breach Breach Remediation

3 The Privacy Symposium – Summer 2008 UPDATE Data Breaches ITRC Breach Data as of 6/30/08: 342 breaches affecting nearly 17 million individual records –Financial Institutions: 9.9% of breaches and 42.7% of total records –Business: 36.8% of breaches and 30.3% of total records –Education: 21.3% of breaches and only 3.2% of records –Government: 17.0% of breaches and 4.0% of records –Medical/Healthcare: 14.9% of breaches and 19.7% of records Financial institutions and Medical/Healthcare have relatively small percentage of breaches, despite handling a high volume of records

4 The Privacy Symposium – Summer 2008 History and Teamwork Over the past several years, more than 1,200 businesses, educational facilities, medical and health care entities, government and military agencies, and financial institutions have had to deal with the aftermath of compromised personal information of their customers, students, constituents or employees. The ITRC believes it is important for businesses, law enforcement, governmental agencies, legislators and consumers to combine their efforts to stem the growth of identity theft and the ever growing number of breaches. The ITRC maintains an ongoing relationship with organizations and law enforcement agencies from around the country to promote such cooperation.

5 The Privacy Symposium – Summer 2008 Self-Assessment How do you deal with paper and/or electronic data: Intake Handling Process Store Disposal IT security Hardware Software Firewalls

6 The Privacy Symposium – Summer 2008 Create an organizational ethic where all employees realize the importance of protecting PII Commit to writing the policy on PII protection and advertise this policy to the community (optional) Use best practices in information handling –If you don’t need it, don’t collect it –Encrypt –Monitor –Audit Pre-Breach

7 The Privacy Symposium – Summer 2008 Pre-Breach Planning In case of a breach: –Who will you notify? –How will you notify? –When will you notify? –What will you reveal? –Who will have input? –What will you do? Build a plan to eliminate chaos in dealing with the breach

8 The Privacy Symposium – Summer 2008 Case Study – Bad Breach Letters “We are contacting you about a violation of your privacy.” “As a first step, we encourage you to obtain credit monitoring” “You may obtain a free copy of your credit report from each of the credit bureaus once a year by going to www.annualcreditreport.com” Other Missteps in Breach Letters –No instructions to place a fraud alert –Burying important steps deep in the body of the letter –Misdirecting individuals to take unnecessary steps

9 The Privacy Symposium – Summer 2008 Data Breaches Law enforcement must be notified when you suspect a data breach of PII Prepare a comprehensive, intelligent, and timely breach notification for the affected parties –A bad notification is worse than no notification –Not communicating is unacceptable –Lack of timely information will create panic – media will speculate Follow your plan

10 The Privacy Symposium – Summer 2008 Post-Breach Continue to follow your plan Provide clear and concise information to those whose PII was exposed Actively support the investigation Consult breach experts for guidance Notify the media, if necessary

11 The Privacy Symposium – Summer 2008 Breach Remediation After information has been compromised, but before consumers are notified, there are crucial steps which need to be followed. –Situational Evaluation –Needs Assessment –Strategy Assessment and Development –Implementation of Required Actions –Remediation Services

12 The Privacy Symposium – Summer 2008 Contact Information Identity Theft Resource Center (858) 693-7935 www.idtheftcenter.org

13 The Privacy Symposium – Summer 2008 Questions

Download ppt "The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007."

Similar presentations

Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
Overview of the Privacy Act

Overview of the Privacy Act
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Randy Benson RHQN Executive Director May, 2012. Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.

Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
A ID Theft & ACCOUNT FRAUD Welcome to MoneyWI$E A CONSUMER ACTION AND CAPITAL ONE PARTNERSHIP Prevention & Cleanup © 2012.

A ID Theft & ACCOUNT FRAUD Welcome to MoneyWI$E A CONSUMER ACTION AND CAPITAL ONE PARTNERSHIP Prevention & Cleanup © 2012.
RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.

RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.
MoneyWi$e: ID THEFT & ACCOUNT FRAUD ID Theft & Account Fraud Prevention and Clean Up © 2009.

MoneyWi$e: ID THEFT & ACCOUNT FRAUD ID Theft & Account Fraud Prevention and Clean Up © 2009.
Consumer Action: Presentation Skills & Games.  To gain knowledge or a skill they need.  To better manage changes in their lives.  To keep up with changes.

Consumer Action: Presentation Skills & Games.  To gain knowledge or a skill they need.  To better manage changes in their lives.  To keep up with changes.
Smarter Decisions. Safer World. ICAE Conference Identity Theft Review Steve Keen.

Smarter Decisions. Safer World. ICAE Conference Identity Theft Review Steve Keen.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Similar presentations

Ads by Google