Helping you protect your

customers against fraud

Division of Finance and Corporate Securities

2

Identity theft is prolific in the U.S. and in Oregon. It can strike anyone, anywhere.

• Individuals• Businesses and Organizations• Government Agencies

It has become the number one crime in the U.S.

Oregon ranked #13 in identity theft crime.

3

The Cost of Identity Theft

• National business price tag: $48 billion • Consumer price tag: $5 billion• Other tolls: time, credibility, emotional

4

ID Theft Prevention — Prepare and Plan

The 2007 Oregon Identity Theft Protection Act• Social Security numbers

• Data breach notification

• Safe-keeping of sensitive information

• Security freeze option

5

Definitions

“Security Breach”• Inadvertant release or the theft of personal information in

computerized format

“Personal Identifying Information”• Someone’s name in combination with one or any of these:

Social Security number Driver license number or Oregon identification card number Passport number Financial account number, credit or debit number along with

required security code, access code or password

6

Protecting Social Security Numbers

Effective October 1

To prevent the theft of SSN: No posting or displaying (ex: Web site)

No printing on materials sent through the mail if not requested unless redacted

No printing a consumer's SSN on a card used by the consumer that is required to access products or services

*Exceptions:

Records required

by state or federal

law and others

7

When sensitive data is stolen

Effective October 1

If computerized personal identifying information you own or maintain is stolen you must send your customers notification.

• When

• What

• How

8

When

• As soon as possible

• Delay if action by law enforcement

9

What

• Describe what happened

• Explain type of information that was stolen

• Provide contact information

• Add information for national credit reporting agencies

• Give advice in reporting suspected identity theft to law enforcement and the Federal Trade Commission

10

How

• Notify credit reporting agencies

• Exception: Use statewide major television and newspaper and your Web site if:

• Cost of notification > more than $250,000

• Number of individuals > more than 350,000

• Gramm-Leach-Bliley Act

• Note – Follow Oregon law for your employees

11

How to Protect Customer Data Effective January 1, 2008

To safeguard information you own you must develop, implement and maintain reasonable safeguards including proper disposal.

12

Easy and Sensible Steps

Assess

• Take inventory

13

Easy and Sensible Steps

• Simplest protection

• Encrypt

Protect

14

Easy and Sensible Steps

Reduce

• What kind of personal information do you really need?

15

Easy and Sensible Steps

• What’s personal identifying information?

• Security program practices and procedures

• www.OnGuardOnline.gov

Train

16

Easy and Sensible Steps

• Test

• Investigate

• Have a security plan

Detect

17

Easy and Sensible Steps

• Use your retention schedule

• Make the information unreadable — hard copy or electronic

• New recycling law

Destroy

18

• Gramm-Leach-Bliley Act

• Health Insurance Portability and Accountability Act (HIPAA)

• Follow Oregon’s law for your employees

19

Requirements for Protecting Data

20

Prevention Tool for Consumers: Security Freeze

Effective October 1

• All Oregonians can place a freeze

• Contact Experian, TransUnion, Equifax

• $10 fee for each freeze

• Exception to fee — ID theft victims

• “Thawing” the freeze

• Careful consideration: do you need new credit?

21

Security Freeze Procedures

22

More Information:

www.dfcs.oregon.govClick on Identity Theft

(503) 378-4140(866) 814-9710

Federal TradeCommissionwww.ftc.govSearch for Identity Theft