The Growing Problem of Data Breaches in America

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Growing Problem of Data Breaches in America"

Transcription

1 Continuity Insights The Growing Problem of Data Breaches in America Today s Questions to Cover 1. What is a Data Breach? 2. How Significant is the Problem? 3. How Do Thieves Steal the Data? 4. How Does this Effect Individuals? 5. How Does this Effect Corporations? 6. What Can We Do About it?

2 What is a Data Breach? For purposes of this Agreement, the term Database Compromise not only encompasses a Database Compromise but also any Database Breach, Information Compromise and/or Information Breach. For the purposes of this Agreement, the term Database Compromise covers the following acts as hereafter defined: Accidental Communication or Accidental Release means the inadvertent disclosure of Non-Public Personal Information (NPPI) of one or more data subjects by the Company through , Fax, or other method of electronic or written/paper communication. Accidental Publication means the inadvertent disclosure of Non-Public Personal Information (NPPI) of one or more data subjects by the Company through disclosure over the Internet or through or other means of communication. DNS cache poisoning means the technique used to trick a DNS server into believing it has received authentic information when, in reality, it has not. DNS Redirection means redirecting the nameserver of an attacker's domain to the nameserver of the target domain, then assigning that nameserver an IP address specified by the attacker. Domain Name System or DNS means the system that stores information about hostnames and domain names in a type of distributed database on networks, such as the Internet. The DNS Server provides a physical location (IP address) for each domain name, and lists the mail exchange servers accepting for each domain. Internet Attack or Hacker Attack means a Network Intrusion or Database Compromise that is carried out using a remote computer over the Internet. Lost Data means the loss, dispersal, unauthorized release/communication or theft of data containing the Non-Public Personal Information (NPPI) and/or the Personal Health Information (PHI) of the company s Customers. This includes information stored in any digital or electronic format in addition to any information contained in any physical and tangible means of expression such as, but not limited to information that is typewritten, handwritten, photographed, photocopied, mimeographed, on microfiche, microfilm or other non-digitized manner. Lost Document means the physical loss of non-digitized information containing Non-Public Personal Information (NPPI) and/or the Personal Health Information (PHI) of Data Subjects and imprinted, typed, handwritten or recorded on a physical and tangible means of expression such as, but not limited to, paper, photograph, photocopy, mimeograph, microfiche, microfilm or other non-digitized manner of expression. Lost Hardware means the physical loss of one or more pieces of hardware such as servers, laptop computers, desktop computers, PDA s, Cell Phones or other electronic devices that contain in its memory, certain Non-Public Personal Information (NPPI) of one or more data subjects. Lost Media means the physical loss of one or more pieces of electronic media including but not limited to hard drives, zip disks, floppy disks, CD-ROMs, DVD-ROMs, magnetic tapes, USB storage devices, or any other forms of electronic media and storage that contain and/or store certain Non-Public Personal Information (NPPI) or Personal Health Information (PHI) of one or more data subjects. Malicious Code means a worm, virus, spyware, key logger or other piece of computer code that is used to collect, destroy, alter, retrieve or affect computer software and/or data on a computer system, network, storage device, PDA or other peripheral device. Network Intrusion means the unauthorized access and intrusion onto a computer network and may include but is not limited to denial of service attacks, port-scans, Man in the Middle attacks or even attempts to hack and/or crack into computers. Physical Security Breach means the unauthorized intrusion by a third party onto the physical premises of the Company s property or the property of a contractor that provides third party data processing services for the company. Stolen Document means the theft of digitized or non-digitized information containing Non-Public Personal Information (NPPI) and/or the Personal Health Information (PHI) of Data Subjects and imprinted, typed, handwritten or recorded on a physical and tangible means of expression such as, but not limited to, paper, photograph, photocopy, mimeograph, microfiche, microfilm or other non-digitized manner of expression. Stolen Hardware means the theft of one or more pieces of hardware such as servers, laptop computers, desktop computers, PDA s, Cell Phones or any other electronic device that contains in its memory, certain Non-Public Personal Information (NPPI) or Personal Health Information (PHI) of one or more data subjects. Stolen Media means the theft of one or more pieces of electronic media including but not limited to hard drives, zip disks, floppy disks, CD-ROMs, DVD- ROMs, magnetic tapes, USB storage devices, or any other forms of electronic media and storage that contain and/or store certain Non-Public Personal Information (NPPI) or Personal Health Information (PHI) of one or more data subjects. Unauthorized Employee Intrusion means access to the Company s information databases containing Non-Public April Personal 12-14, Information 2010(NPPI) or Personal Health Information (PHI) of one or more data subjects, by an employee of the company or a third Sheraton party contractor New for nefarious Orleans or other unauthorized purposes. What is a Data Breach? In simple terms: Theft of Non-Public Personal Information (NPPI) which can potentially be used to uniquely identify an individual and could be used to facilitate an Identity Theft or Identity Fraud. Name Date of Birth Medical ID Number Credit Card Typically: Address Social Security Number Bank Account info

3 How Significant is the Problem? Oops! Since 2005, over 247 Million records (NPPI) have been compromised or breached Most Notable Cases: TJ Maxx Choice Point Veterans Affairs Monster.com Countrywide State of Ohio UCLA Starbucks Harvard Law Heartland Payment January 20, 2009 "Largest Breach Ever" Reported The personal information of as many as 100 million may have been exposed in a breach at New Jersey-based credit-card processor Heartland Payment Systems Inc., reports the Wall Street Journal.

4 How Do Thieves Steal the Data? Internet Attack or Hacker Attack Malicious Code (worm, virus, spyware, key logger,etc) Physical Security Breach (stolen lap top, thumb drive) Unauthorized Employee Intrusion Domain Name System Redirect How Do Thieves Sell the Data? Internet Flea Markets Black Market Illegal Aliens ABC News2.flv

5 How Does this effect Individuals? Identity Theft Statistics 10 Million Americans had their identity stolen last year According to the IRS, there are 8 million Social Security Numbers being used by more than one person Black market trafficking of stolen identities is estimated to increase to $1.6 billion by 2010

6 What are the odds? Winning the Lottery? 1 in 135,145,920 Your Home Having a Fire? 1 in 1,200 Your Auto Being Totaled? 1 in 240 Becoming an ID Theft Victim?

7 What are the odds? Winning the Lottery? 1 in 135,145,920 Your Home Having a Fire? 1 in 1,200 Your Auto Being Totaled? 1 in 240 Becoming an ID Theft Victim? 1 in 30 How Does this Effect Corporations? Time Money Anxiety Frustration Reputation Lost Customers Lost Productivity from Employees

8 How Does this Effect Corporations? 85% of employees are Highly Concerned about having their identity stolen Identity Theft victims can spend 600 hours trying to restore their identity (most during work hours) 41% of victims do not recover their identity even after 14 months of work Security Breaches Cost $90 To $305 Per Lost Record After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets, and customer losses, it can be dizzying, if not impossible, to come up with a true number," Two-thirds of the breaches in the study involved data that the organization did not know was present on the system.

9 What Can We Do about it? Nothing Can be Done to Prevent it. However, There are Steps to Decrease the Odds Create a Cyber Liability Program Remove NPPI from Computers Encrypt Sensitive Data Proactively Prepare for the Breach What Can We Do about it? We Choose to Be Proactive or Reactive Case Study Local Bank 20,000 Records Breached (Stolen) 1. Wrote Notification Letter Incorrectly 2. Provided Banks Phone Number for Questions 3. Provided Opt In Credit Monitoring for Victims 4. Cost - $49 per victim 5. Up to $1,000,000. Not to mention lost productivity, lost customers, legal, etc.

10 If Proactive What Can We Do about it? Case Study Local Bank 20,000 Records Breached (Stolen) 1. Write Notification Letter Correctly # Answered by Trained Paralegal 3. Fully Managed Recovery 4. Cost $3 per victim + $1,200 Retainer 5. $61,200 instead of potentially $1,000,000. What Can We Do about it? Protect Our Employees & Families with id guarantee

11 Identity Monitoring Monthly National Database screening of Name, Date of Birth & Social Security Number Identification of Fraudulent Name/Address Variations Expanded Data Searches within All 3 Credit Bureaus, Utilities, Public Records and More Immediate Notification of Suspected Identity Theft or Fraud Fully Managed Recovery Personal Recovery Specialist assigned to victim s case to determine severity of theft Victim spends 1-2 hours discussing case with trained Paralegal (Recovery Specialist) Victims receives all forms and documents ready for signatures and limited power of attorney Victim is finished with the work

12 Fully Managed Recovery id guarantee works directly with: Social Security Administration (SSA) Federal Trade Commission (FTC) US Postal Service (USPS) All 3 Credit Bureaus State Attorney General s Office Law Enforcement Officials All Creditors and Collection Agencies Thank you for your time For More Information Contact: Ken Stoll Principal ID Guarantee Corporation

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

Privacy Data Loss. Privacy Data Loss. Identity Theft. The Legal Issues

Privacy Data Loss. Privacy Data Loss. Identity Theft. The Legal Issues Doing Business in Oregon Under the Oregon Consumer Identity Theft Protection Act and Related Privacy Risks Privacy Data Loss www.breachblog.com Presented by: Mike Porter March 10, 2009 2 Privacy Data Loss

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such

More information

LIGC-ACC Presentation November 9, 2015

LIGC-ACC Presentation November 9, 2015 Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana,. LLP, moderator

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP

More information

Information Security Incident Management Guidelines

Information Security Incident Management Guidelines Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Information Security Addressing Your Advanced Threats

Information Security Addressing Your Advanced Threats Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?

More information

Student Data Breaches: Is Your District Prepared?

Student Data Breaches: Is Your District Prepared? Student Data Breaches: Is Your District Prepared? Colleen A. Sloan, Esq., Manager, Labor Relations and Associate School Attorney JoAnn Balazs, Director, Management Services Janell Hallgren, Manager, Policy

More information

Cyber Liability & Data Breach Insurance Claims

Cyber Liability & Data Breach Insurance Claims Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

How a Company s IT Systems Can Be Breached Despite Strict Security Protocols

How a Company s IT Systems Can Be Breached Despite Strict Security Protocols How a Company s IT Systems Can Be Breached Despite Strict Security Protocols Brian D. Huntley, CISSP, PMP, CBCP, CISA Senior Information Security Advisor Information Security Officer, IDT911 Overview Good

More information

Society for Information Management

Society for Information Management Society for Information Management The Projected Top 5 Security Issues of 2010 Steve Erdman CSO and Staff Security Consultant of SecureState Network +, MCP Precursor 2009 has been a difficult year in Information

More information

IDENTITY THEFT VICTIM KIT

IDENTITY THEFT VICTIM KIT IDENTITY THEFT VICTIM KIT Dear Illinois Consumer: When someone uses your personal information to obtain identification, credit or even a mortgage, you may be a victim of identity theft. This crime can

More information

Identity Theft Plan. Guidebook. Copyright 2013 Prepaid Plans All Rights Reserved

Identity Theft Plan. Guidebook. Copyright 2013 Prepaid Plans All Rights Reserved Identity Theft Plan Guidebook Copyright 2013 Prepaid Plans All Rights Reserved Identity Theft Solutions Identity Theft Insurance Claims When filing an identity theft claim please contact a claims administrator

More information

INFORMATION SECURITY PROGRAM

INFORMATION SECURITY PROGRAM Approved 1/30/15 by Dr. MaryLou Apple, President MSCC Policy No. 1:08:00:02 MSCC Gramm-Leach-Bliley INFORMATION SECURITY PROGRAM January, 2015 Version 1 Table of Contents A. Introduction Page 1 B. Security

More information

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure

This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure ICPAK ANNUAL FORENSIC AUDIT CONFERENCE Digital Forensics in Fraud & Corruption Investigations 9 October 2014 Leisure Lodge Hotel, Diani Kenya Faith Basiye, CFE Head Group Forensic Services KCB Banking

More information

The Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016

The Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016 The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,

More information

Office of the President University Policy

Office of the President University Policy Office of the President University Policy SUBJECT: IDENTITY THEFT PREVENTION PROGRAM Effective Date: 6-17-09 Policy Number: 5.6 Supersedes: Page Of New 1 7 Responsible Authority: Senior Vice President,

More information

A Proposal of Employee Benefits. Innovations in IDENTITY THEFT

A Proposal of Employee Benefits. Innovations in IDENTITY THEFT A of Employee Benefits Innovations in IDENTITY THEFT Innovations in IDENTITY THEFT Name or Logo 2 Innovations in IDENTITY THEFT A Complete Identity Theft Solution Prevention to Prosecution Solution

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

PREVENTING IDENTITY THEFT AT The University of North Carolina at Greensboro. Presented By Roy Davenport Shred-it North Carolina

PREVENTING IDENTITY THEFT AT The University of North Carolina at Greensboro. Presented By Roy Davenport Shred-it North Carolina PREVENTING IDENTITY THEFT AT The University of North Carolina at Greensboro Presented By Roy Davenport Shred-it North Carolina Identity Theft in the US: How BIG Is The Problem? FTC Says it is the fastest

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone

More information

Understanding Professional Liability Insurance

Understanding Professional Liability Insurance Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional

More information

Control the Risk of Identity Theft

Control the Risk of Identity Theft Control the Risk of Identity Theft Guidance for Your Business R NORTH AMERICAN EQUIPMENT DEALERS ASSOCIATION This information was compiled from Protecting Personal Information: A Guide for Business, a

More information

HIPPA Goes HITECH. Data Protection for Agents

HIPPA Goes HITECH. Data Protection for Agents HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able

More information

Corporate Account Take Over (CATO) Guide

Corporate Account Take Over (CATO) Guide Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

ID Theft Victim Toolkit. Information provided by the North Carolina Department of Justice. Updated August 2006.

ID Theft Victim Toolkit. Information provided by the North Carolina Department of Justice. Updated August 2006. ID Theft Victim Toolkit Information provided by the North Carolina Department of Justice. Updated August 2006. IDENTITY THEFT VICTIM KIT Dear Consumer: A Message from Attorney General Roy Cooper Realizing

More information

HIPAA Privacy and Security

HIPAA Privacy and Security HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,

More information

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Identity Theft. Emergency Repair Kit

Identity Theft. Emergency Repair Kit Identity Theft Emergency Repair Kit 2012 Beavercreek Marketing, a division of Beavercreek Inc. All rights reserved. Any duplication or reproduction is strictly prohibited. Identity Theft Emergency Repair

More information

13. Acceptable Use Policy

13. Acceptable Use Policy To view the complete Information and Security Policies and Procedures, log into the Intranet through the IRSC.edu website. Click on the Institutional Technology (IT) Department link, then the Information

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Cyber Security for Businesses

Cyber Security for Businesses Cyber Security for Businesses Computer crimes involve the illegal use of or the unauthorized entry into a computer system to tamper, interfere, damage, or manipulate the system or information stored in

More information

IDENTITY THEFT AFFIDAVIT INSTRUCTIONS

IDENTITY THEFT AFFIDAVIT INSTRUCTIONS IDENTITY THEFT AFFIDAVIT INSTRUCTIONS To make certain that you do not become responsible for the debts incurred by the identity thief, you must provide proof that you did not create the debt to each of

More information

Cyber Threats: Exposures and Breach Costs

Cyber Threats: Exposures and Breach Costs Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

SafeBiz. Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB)

SafeBiz. Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB) SafeBiz Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB) 1 About Us Since 2003 we have helped victims of identity theft recover fully from this devastating crime, and continue

More information

Policy for Protecting Customer Data

Policy for Protecting Customer Data Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees

More information

Identity Theft Victim s Packet

Identity Theft Victim s Packet Identity Theft Victim s Packet Information and Instructions This packet is to be completed once you have contacted the El Paso Police Department and obtained a police report number related to your identity

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

SECURITY BREACH INCIDENT RESPONSE AND CONSUMER NOTIFICATION PLAN TABLE OF CONTENTS PROGRAM OVERVIEW... DEFINITIONS... REPORTING A SECURITY BREACH...

SECURITY BREACH INCIDENT RESPONSE AND CONSUMER NOTIFICATION PLAN TABLE OF CONTENTS PROGRAM OVERVIEW... DEFINITIONS... REPORTING A SECURITY BREACH... SECURITY BREACH INCIDENT RESPONSE AND CONSUMER NOTIFICATION PLAN TABLE OF CONTENTS PROGRAM OVERVIEW... DEFINITIONS... REPORTING A SECURITY BREACH... CONTAINMENT AND CONTROL... INVESTIGATING A SECURITY

More information

Intro. Tod Ferran, CISSP, QSA. SecurityMetrics. 2 years PCI and HIPAA security consulting, performing entity compliance audits

Intro. Tod Ferran, CISSP, QSA. SecurityMetrics. 2 years PCI and HIPAA security consulting, performing entity compliance audits HIPAA Security Rule & Live Hack Tod Ferran, CISSP, QSA Intro Tod Ferran, CISSP, QSA 25 years working with IT and physical security 2 years PCI and HIPAA security consulting, performing entity compliance

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

PROTECTING YOURSELF FROM IDENTITY THEFT. The Office of the Attorney General of Maryland Identity Theft Unit

PROTECTING YOURSELF FROM IDENTITY THEFT. The Office of the Attorney General of Maryland Identity Theft Unit PROTECTING YOURSELF FROM IDENTITY THEFT The Office of the Attorney General of Maryland Identity Theft Unit CONTENTS 1) What is Identity Theft? 2) How to Protect Yourself From ID Theft. 3) How to Tell If

More information

Hengtian Information Security White Paper

Hengtian Information Security White Paper Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units

Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units Fall 2014 Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units Effective January 1, 2015 Darren T. Sammons, Staff Attorney Commonwealth

More information

Guadalupe Regional Medical Center

Guadalupe Regional Medical Center Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address

More information

MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009

MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009 MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009 Current Laws: Identity Crime: A person is guilty of identity

More information

Network Security for End Users in Health Care

Network Security for End Users in Health Care Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information

More information

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster WHITE PAPER: DON'T WAIT UNTIL IT'S TOO LATE: CHOOSE NEXT-GENERATION................. BACKUP........ TO... PROTECT............ Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos 1 st Athens Privacy & Data Breach Management Conference

Privacy Liability & Data Breach Management Nikos Georgopoulos 1 st Athens Privacy & Data Breach Management Conference Privacy Liability & Data Breach Management Nikos Georgopoulos 1 st Athens Privacy & Data Breach Management Conference N.G. Privacy Liability Insurance Presentation to Athens 1 st Privacy & Data Breach

More information

http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html

http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html Identity Theft: Steps to Take if You are a Victim We understand the stress, time and effort required as a result of having your identity stolen and used fraudulently. While there are many resources available

More information

From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense

From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense 1 of 5 11/17/2014 4:14 PM 800.268.2440 From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense Share This Every other week it seems like there is another secure data breach

More information

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Security. assistance with implementation of the. security standards. This series aims to HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Red Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program

Red Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program Red Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program A Case Study of Sam Houston State University s Red Flag Program Dr. Kristy L. Vienne Objective Participants will: Understand

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

WHAT IS SENSITIVE INFORMATION?

WHAT IS SENSITIVE INFORMATION? Disclaimer: This material is designed and intended for general informational purposes only, and is not intended, nor shall it be construed or relied upon, as specific legal advice. Nearly all companies

More information

Identity Theft. Providing Your Student with a Safety Net By Sun Ow

Identity Theft. Providing Your Student with a Safety Net By Sun Ow Identity Theft Providing Your Student with a Safety Net By Sun Ow 34% of identity theft victims are college students Did You Know Only 24% of fraudulent charges were first caught by a consumer s financial

More information

Covered Areas: Those EVMS departments that have activities with Covered Accounts.

Covered Areas: Those EVMS departments that have activities with Covered Accounts. I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific

More information

Oakland Family Services Information Breach FAQs

Oakland Family Services Information Breach FAQs Oakland Family Services Information Breach FAQs 1. What happened? An unauthorized individual remotely gained access to the email account of one Oakland Family Services employee July 14, 2015 resulting

More information

Information Technology Services Guidelines

Information Technology Services Guidelines Page 1 of 10 Table of Contents 1 Purpose... 2 2 Entities Affected by These Guidelines... 2 3 Definitions... 3 4 Guidelines... 5 4.1 Electronic Sanitization and Destruction... 5 4.2 When is Sanitization

More information

Cyber Liability & Data Breach Insurance Claims

Cyber Liability & Data Breach Insurance Claims Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

COB 302 Management Information System (Lesson 8)

COB 302 Management Information System (Lesson 8) COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this

More information

Identity Theft Assistance: Information for Recovering Your Good Name

Identity Theft Assistance: Information for Recovering Your Good Name Identity Theft Assistance: Information for Recovering Your Good Name I Could Be A Victim of Identity Theft! What Do I Do Next? We understand that you may have been a victim of identity theft. Enclosed

More information

How are we keeping Hackers away from our UCD networks and computer systems?

How are we keeping Hackers away from our UCD networks and computer systems? How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12

More information

Accepting Payment Cards and ecommerce Payments

Accepting Payment Cards and ecommerce Payments Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information

Boynton Beach Chamber Lunch. How to Deter, Defend, and Detect Identity Theft July 11, 2012

Boynton Beach Chamber Lunch. How to Deter, Defend, and Detect Identity Theft July 11, 2012 Boynton Beach Chamber Lunch How to Deter, Defend, and Detect Identity Theft July 11, 2012 "Identity Theft and Assumption Deterrence Act of 1998" As amended by Public Law 105-318, 112 Stat. 3007 (Oct. 30,

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Valmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks

Valmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks Valmeyer Community Unit School District #3 Acceptable Use Of Computers and Networks The Valmeyer Community Unit School District #3 Board of Education supports the use of the Internet and other computer

More information

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

Phishing for Fraud: Don't Let your Company Get Hooked!

Phishing for Fraud: Don't Let your Company Get Hooked! Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior

More information

According to the Federal Trade Commission (FTC): The FTC is a government agency that promotes consumer protection

According to the Federal Trade Commission (FTC): The FTC is a government agency that promotes consumer protection According to the Federal Trade Commission (FTC): IDENTITY THEFT occurs when someone wrongfully acquires and uses a consumer s personal identification, credit, or account information The FTC is a government

More information

Finding a Cure for Medical Identity Theft

Finding a Cure for Medical Identity Theft Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Business Identity Fraud Prevention Checklist

Business Identity Fraud Prevention Checklist Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business

More information