The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007.

Slides:

Advertisements

Similar presentations

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Advertisements

Red Flag Rules: What they are? & What you need to do

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

Overview of the Privacy Act

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.

Protecting Personal Information Guidance for Business.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

A ID Theft & ACCOUNT FRAUD Welcome to MoneyWI$E A CONSUMER ACTION AND CAPITAL ONE PARTNERSHIP Prevention & Cleanup © 2012.

RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.

MoneyWi$e: ID THEFT & ACCOUNT FRAUD ID Theft & Account Fraud Prevention and Clean Up © 2009.

Consumer Action: Presentation Skills & Games.  To gain knowledge or a skill they need.  To better manage changes in their lives.  To keep up with changes.

Smarter Decisions. Safer World. ICAE Conference Identity Theft Review Steve Keen.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

1 Information and Systems Security/Compliance Security Day The Information and Systems Security/Compliance Program Dave Kovarik.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Steps to Compliance: Risk Assessment PRESENTED BY.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

A ID Theft & ACCOUNT FRAUD Welcome to MoneyWI$E A CONSUMER ACTION AND CAPITAL ONE PARTNERSHIP Prevention & Cleanup.

Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.

Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO

Quality Integrity Stewardship Courtesy Care Accountability Medical Records ARMA Florida Gulf Coast Chapter Michael Spake Lakeland Regional Medical Center.

Wireless Access Code: July 21, 2002  General medical ID theft education is lacking – over 1.4 million fraud victims in  Fraud can.

Florida Information Protection Act of 2014 (FIPA).

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

1 Protecting Consumers from Themselves Presented by the State Information Security Office & the California Office of Privacy Protection September 13, 2007.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

Crosswalk of Public Health Accreditation and the Public Health Code of Ethics Highlighted items relate to the Water Supply case studied discussed in the.

Privacy and Security Risks to Rural Hospitals John Hoyt, Partner December 6, 2013.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

The Privacy Symposium – Summer 2007 Identity Theft Resource Center Linda Foley, Founder Presents: Privacy and Identity Theft Case Study © Aug 2007.

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.

The Internet of Things and Consumer Protection

Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.

Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.

Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.

Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.

Your Cyber Security: The scope of your risk is broad and growing To understand the nature of the risk landscape look at the presentations here today-begin.

Data Security Survival Skills for 21 st Century Evaluators Teresa Doksum & Sean Owen October 17, 2013.

Computer Security and the “H” word Glen Klinkhart, CEO Mike Messick, CTO.

Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.

JOHN M. HUFF NAIC PRESIDENT DIRECTOR, MISSOURI DEPARTMENT OF INSURANCE JUNE 16, 2016 NAIC CYBERSECURITY INITIATIVES.

Nassau Association of School Technologists

Top Compliance Topics.

MGMT 452 Corporate Social Responsibility

Director, Regulation and Strategy

Florida Information Protection Act of 2014 (FIPA)

Responding to a Data Breach 360° of IT Compliance

Tax Identity Theft Presenter Date

Florida Information Protection Act of 2014 (FIPA)

Chapter 3: IRS and FTC Data Security Rules

Notifiable data breaches Roundtable

Red Flags Rule An Introduction County College of Morris

Cyber Security: What the Head & Board Need to Know

Move this to online module slides 11-56

Colorado “Protections For Consumer Data Privacy” Law

Anatomy of a Common Cyber Attack

Presentation transcript:

The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007

The Privacy Symposium – Summer 2008 Points of Discussion Current Breach Statistics Self Assessment Pre-Breach During Breach Post-Breach Breach Remediation

The Privacy Symposium – Summer 2008 UPDATE Data Breaches ITRC Breach Data as of 6/30/08: 342 breaches affecting nearly 17 million individual records –Financial Institutions: 9.9% of breaches and 42.7% of total records –Business: 36.8% of breaches and 30.3% of total records –Education: 21.3% of breaches and only 3.2% of records –Government: 17.0% of breaches and 4.0% of records –Medical/Healthcare: 14.9% of breaches and 19.7% of records Financial institutions and Medical/Healthcare have relatively small percentage of breaches, despite handling a high volume of records

The Privacy Symposium – Summer 2008 History and Teamwork Over the past several years, more than 1,200 businesses, educational facilities, medical and health care entities, government and military agencies, and financial institutions have had to deal with the aftermath of compromised personal information of their customers, students, constituents or employees. The ITRC believes it is important for businesses, law enforcement, governmental agencies, legislators and consumers to combine their efforts to stem the growth of identity theft and the ever growing number of breaches. The ITRC maintains an ongoing relationship with organizations and law enforcement agencies from around the country to promote such cooperation.

The Privacy Symposium – Summer 2008 Self-Assessment How do you deal with paper and/or electronic data: Intake Handling Process Store Disposal IT security Hardware Software Firewalls

The Privacy Symposium – Summer 2008 Create an organizational ethic where all employees realize the importance of protecting PII Commit to writing the policy on PII protection and advertise this policy to the community (optional) Use best practices in information handling –If you don’t need it, don’t collect it –Encrypt –Monitor –Audit Pre-Breach

The Privacy Symposium – Summer 2008 Pre-Breach Planning In case of a breach: –Who will you notify? –How will you notify? –When will you notify? –What will you reveal? –Who will have input? –What will you do? Build a plan to eliminate chaos in dealing with the breach

The Privacy Symposium – Summer 2008 Case Study – Bad Breach Letters “We are contacting you about a violation of your privacy.” “As a first step, we encourage you to obtain credit monitoring” “You may obtain a free copy of your credit report from each of the credit bureaus once a year by going to Other Missteps in Breach Letters –No instructions to place a fraud alert –Burying important steps deep in the body of the letter –Misdirecting individuals to take unnecessary steps

The Privacy Symposium – Summer 2008 Data Breaches Law enforcement must be notified when you suspect a data breach of PII Prepare a comprehensive, intelligent, and timely breach notification for the affected parties –A bad notification is worse than no notification –Not communicating is unacceptable –Lack of timely information will create panic – media will speculate Follow your plan

The Privacy Symposium – Summer 2008 Post-Breach Continue to follow your plan Provide clear and concise information to those whose PII was exposed Actively support the investigation Consult breach experts for guidance Notify the media, if necessary

The Privacy Symposium – Summer 2008 Breach Remediation After information has been compromised, but before consumers are notified, there are crucial steps which need to be followed. –Situational Evaluation –Needs Assessment –Strategy Assessment and Development –Implementation of Required Actions –Remediation Services

The Privacy Symposium – Summer 2008 Contact Information Identity Theft Resource Center (858)

The Privacy Symposium – Summer 2008 Questions