1. Privacy (or Data) Breaches - Examples South Carolina Department of Revenue Hackers got into the SCDOR’s computers, and stole information on up to 3.2 Million taxpayers United Mortgage Company Company threw away old loan documents in a dumpster. FTC fined them $50,000 Ford Hospital in Michigan An unencrypted thumb drive containing information on almost 3,000 patients was stolen

2. A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. The most common concept of a data breach is a hacker going into a corporate network – but it’s also someone finding old tax records in a dumpster. 46 States have laws about Privacy or Data Breaches Many foreign countries have laws, as well Privacy (or Data) Breaches – What is it?

3. Your Identity may be Stolen Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes As many as 9 million Americans have their identities stolen each year (FTC Estimate) The crime takes many forms Some identity theft victims can resolve their problems quickly Others spend hundreds of dollars and many days repairing damage Privacy (or Data) Breaches – What happens?

4. You have contracted with a supplier to perform services for you. You get a call one day from the supplier’s representative that one of their subcontractors (“What subcontractor?” You exclaim!), downloaded the customer information to his home laptop, so he could work on it over the weekend. On his way back into the office, he fell asleep on the train and someone stole his laptop. The supplier assures you that the laptop was probably stolen only for the hardware. When you ask exactly what information was on the laptop, you learn that it was name, address, and social security numbers for 100 customers. You contact your attorney, and determine that you are required to notify the customers, as well as certain state agencies and credit monitoring bureaus. Credit monitoring should be offered. You send out notification letters. The mailing and credit monitoring costs exceed $10,000. The Chicago Tribune gets wind of the story, and publishes it on its front page. Customers call you to complain. The Tribune starts a series with your business as the poster child for how businesses lose customer information. You sue the vendor for reimbursement of costs. Your business starts losing customers, since they no longer trust you with their information. Privacy (or Data) Breaches – An example

5. Have a plan! An hour or two now can make a HUGE difference later – Imagine the worst, and walk yourself through it: Things on the List: Capture the names and contact information of everyone you may need to include in meetings (your IT supplier, Operations head, local Law Enforcement, Legal, FBI…) Think about these tasks – how would you perform them? Take a look at the resources we’ve included Privacy (or Data) Breaches – What should I do Now?

6. Privacy (or Data) Breaches – What to Consider