The July/August 2006 issue of "Corporate Board Member" ask and answers the question,
"Who will class-action lawyers go after next?"
Unfortunately, any company which has access to personal data about customer and employees may be targeted. "This applies to just about everybody, but with concerns about identity theft zooming, any company that accidentally discloses data protected by privacy laws run the risk of litigation."

There are 5 common types of Identity Theft

Drivers License Identity Theft	Social Security Identity Theft	Medical Identity Theft	Character/Criminal Identity Theft	Financial Identity Theft

Driver’s License Identity Theft
Thieves use your information to acquire a driver’s license in your name or claim to be you during a traffic stop

• You could receive DWI, DUI, and other driving-related charges
• Your driving privileges could be suspended or revoked
• You could be arrested during a routine traffic stop for crimes you did not commit

An 82-year-old grandmother, quit driving during the Truman administration. In 2001 she “suddenly found herself in what she describes as a ‘living hell’ after one of her neighbors, arrested on drunk-driving charges...pretended to be her. ‘I was told there were warrants for my arrest...I was afraid to answer the phone’.
AARP Bulletin, February 2004

Social Security (SSN) Identity Theft Thieves use your SSN Identity to gain employment or to report income under your name

• Thieves take the income, but don't pay the taxes, leaving you with the bill
• Wanted criminals use your SSN Identity so they can get employment without being found
• Illegal immigrants use your SSN Identity to gain employment.
• Thieves and Criminals use your SSN for employment, medical, financial, criminal, school, and other purposes.

The Secret List of ID Theft Victims
A Chicago woman applied for a job at a local Target department store and was denied. The reason? She already worked there – or rather, her Social Security number already worked there. Follow-up investigation revealed the same Social Security Number … used to obtain work at 37 other employers.

“People need to wake up to this problem. They are destroying people’s credit, Social Security benefits, and everything else.”
MSNBC, January 29, 2005

Medical Identity Theft
Thieves use your information for insurance benefits, Rx, Medicare, Medicaid benefits, or for medical tests

• Your rates could go up or your coverage could be canceled or used up
• You could owe thousands of dollars for a procedure you never had
• You could be unable to obtain medical or life insurance, other coverage, and/or employment because of conditions that you do not have (AIDS, Diabetes etc…)

“If the person who steals your health identity has allergies or specific medical conditions that collide with yours for instance … when you go in for care, you may experience a dangerous drug interaction or unknowingly be denied potentially lifesaving medications or treatments because they will assume the thief’s medical information is yours.”
Carole Pennington 9/7/2005

Medical Identity Theft: The information crime that can kill you
“As the health care system transitions from paper-based to electronic, this crime may become easier to commit and harder to trace. Victims may find it more difficult to recover from medical identity theft as medical errors are disseminated and redisseminated through computer networks and other medical information-sharing pathways.”
World Privacy Forum, May 2006

Financial Identity Theft
Thieves use your information to open new accounts or to gain access to existing accounts

• Thieves rob your accounts
• They rack up outrageous charges on credit cards, take out new loans, and more
• They destroy your credit, forcing you to pay higher rates
• You can absolutely be held responsible for the debts incurred by the thieves in your name

Each year, 7 to 10 million Americans fall prey to Identity Theft… From massive data-brokerage firms to tiny local banks, your identity is irretrievably ‘out there.’
- MSNBC

ID Fraudsters Stay One Step Ahead
Identity thieves are increasingly finding their jackpot is not in your mailbox or kitchen trash bag, but the computer files stored at your chiropractor, accountant or doctor … the future is not burglaries of your home, but of dentists, CPA’s, insurers etc...
MarketWatch, October 2, 2005

The Cost Of Identity Theft

“People whose identities have been stolen can spend months or years and thousands of dollars cleaning up the mess the thieves have made of their good name and credit record”
“When Bad Things Happen to Your Good Name” - September 2002, Federal Trade Commission

According to CIO Magazine, if you experience a security breach:

Important Legislation

Fair and Accurate Credit Transactions Act (FACTA)
Applies To Every Business And Individual Who Maintains, Or Otherwise Possesses, Consumer Information For A Business Purpose.

Employee or Customer information lost under the wrong set of circumstances may result in:

Gramm, Leach, Bliley Safeguard Rule
Eight Federal Agencies and any State can enforce this law

Applies To Any Organization That Maintains Personal Financial Information Regarding It’s Clients Or Customers

Non Public Information (NPI) lost under the wrong set of circumstances may result in:

Organizations Includes:
Financial Institutions, Schools, Credit Card Firms, Insurance Companies, Lenders, Brokers, Car Dealers, Accountants, Financial Planners, Real Estate Agents

The FTC categorizes an impressive list of businesses as financial institutions and these so-called “non-bank” businesses comprise a huge array of firms that may be unaware they are subject to GLB.

HIPAA Security Rule
April 21, 2005 - Scope broadened on April 21, 2006
Applies To Any Organization Or Individuals Who Retain Or Collect Health Information.

Medical information lost under the wrong set of circumstances may result in:

Requires:

Why and How We Help You...

Potential Early Warning System
If a number of your employees get notified of improper usage of their identities, this may act as an early warning system to your company of a possible internal breach.

BLR says this “Provides an Affirmative Defense for the company.”
“One solution that provides an affirmative defense against potential fines, fees, and lawsuits is to offer some sort of identity theft protection as an employee benefit. An employer can choose whether or not to pay for this benefit. The key is to make the protection available, and have a mandatory employee meeting on identity theft and the protection you are making available, similar to what most employers do for health insurance … Greg Roderick, CEO of Frontier Management, says that his employees "feel like the company's valuing them more, and it's very personal." Business and Legal Reports, January 19, 2006

Mitigating Damages
To potentially protect yourself, you could have all employees sign this document
It makes employees aware of their legal responsibilities to protect NPI
It serves as proof that handlers of NPI have been through some the mandatory training required by law

Employee Confidentiality Document
Acts as a Good Faith step in attempting to comply with FACTA, GLB, HIPAA, etc … According to Betsy Broder of the FTC, “We will act against businesses that fail to protect their data … She understands that most small businesses cannot be expected to hire a full time privacy specialists but adds that all businesses must be able to show they have a security plan in place. “We're not looking for a perfect system .. But we need to see that you've taken reasonable steps to protect your customer’s information”.

* Subject To Terms And Conditions

Action Steps...

2. After the initial appointment, set a date for the mandatory employee presentation, assignment of an Information Security Officer and implementation of your new company policy regarding Non-Public Information. We provide all of the documentation and materials you need.

3. Get a firm understanding of the Important Legislation you learned about today. A great site with a tremendous amount of information is the FTC PUBS index:

• F.A.C.T.A: www.ftc.gov/os/2004/11/041118disposalfrn.pdf

• HIPAA: www.hipaa.org

• Gramm-Leach-Bliley Act: www.ftc.gov/os/2002/05/67fr36585.pdf

• Two great resources for white papers: www.omnirim.com www.recall.com

Be Sure To Check With Your Attorney On How This Law May Specifically Apply To You

Call 714-713-3090 for a free FACTA compliance evaluation and identity theft prevention consultation.