Personally Identifiable Information – FTC: Identity theft is the most common consumer complaint
Personally Identifiable Information (PII)
Presentation by: Ross Federgreen*
*Founder, CSRSI® THE PAYMENT ADVISORS
PII
Covers a wide range of data elements which can be tied back to or represent a given individual and can be used to cause harm to the individual if used without proper authorization.
PII
• Individual Name
• Address
• Telephone number
• Social Security number
• Driver License number
• Date of Birth
• Bank Account number
• Credit and Debit card number
• State Identification number
• Passwords
PII
• Regulation
• ALL States
• Federal
• Civil and Criminal
PII Federal Information Security Laws
Federal Trade Commission Act of 1914 (FTC Act) and FTC Standards for Safeguarding Customer Information (FTC Safeguards Rule) enacted in 2003.
PII Federal Information Security Laws
• Federal Privacy Act
• Federal Information Security Management Act
• OMB Security Act
• Veterans Affairs Information Security Act
• Gramm-Leach-Bliley Act
• Federal Trade Commission Act (FTC ACT)
• Fair Credit Reporting Act
• Hospital Insurance Portability and Accountability Act (HIPAA)
• Public Company Accounting Reform and Investor Protection Act (Sarbanes-Oxley)
• Family Educational Rights and Privacy Act (FERPA)
• Drivers Advocacy Protection Act (DPPA)
• Fair and Accurate Transaction Act (FACTA)
• USA Patriot Act
PII Federal Information Security Laws
Customer Identification Program Rules implementing Section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act)
PII 110th Congress-Data Security Bills
Three bills were reported favorably out of Senate committees:
• S.239 (Feinstein)
• S.495 (Leahy)
• S.1178 (Inouye)
• Information and Data Breach Notification Requirements
Other bills introduced:
S 806 (Pryor), S 1202 (Sessions), S 1260 (Carper), S 1558 (Coleman)
HR 516 (Davis), HR 836 (Smith), HR 958 (Rush), HR 1307 (Wilson), HR 1685 (Price), HR 2124 (Davis)
PII As of January 2008, 39 states have enacted data security laws requiring entities to notify persons affected by security breaches and in some cases, to implement security programs to protect the security, confidentiality and integrity of data.
Six states have introduced bills or enacted legislation to strengthen merchant security and/or hold companies liable for third-party companies' costs arising from data breaches.
California
Connecticut
Illinois
Massachusetts
Minnesota
Texas
PII Federal Trade Commission (FTC):
Identity theft is the most common complaint from consumers in all 50 states.
Represents between 35% and 40% of all complaints for the years 2005, 2006 and 2007
In 2006 there were over 246,000 complaints filed.
PII Data Breaches
Identity Theft
Financial Crimes
Credit Card Fraud
Utilities Fraud
Bank Fraud
Mortgage Fraud
Employment Related Fraud
Government Documents Fraud
Benefits Fraud
Loan Fraud
Health Care Fraud
PII Public concerns with Identity Theft:
Security of sensitive information
Security of computer systems
Federal laws protecting
Adequacy of enforcement
PII LIABILITY FOR Identity Theft:
Retailers
Credit Card Issuers
Payment Processors
Banks
Data Processors
PII CRIMINAL PROSECUTION
FAILURE TO REPORT
UNAUTHORIZED POSSESSION
UNAUTHORIZED ACCESS
FAILURE TO SAFEGUARD
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
LIFE IS GOOD.com
Being embraced as a minimum standard for operating entities to comply with on a going forward basis
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
“COMPREHENSIVE INFORMATION-SECURITY PROGRAM”
Includes administrative, technical and physical safeguards tailored to the size of the commercial entity, the nature of its activities and the sensitivity of the personal information collected.
SIX GENERAL MANDATES
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
Mandates:
Designation of an employee or employees to coordinate the information security program.
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
Mandates:
Identification of internal and external risks to the security and confidentiality of personal information and assess the safeguards already in place.
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
Mandates:
Creation and implementation of safeguards to control the risks identified in the risk assessment.
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
Mandates:
Monitoring the safeguard effectiveness
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
Mandates:
Development of reasonable steps to select and oversee service providers that handle personal information
PII Federal Trade Commission
CONSENT DECREE JANUARY 2008
Mandates:
Evaluation and adjustment of the program to reflect results of monitoring, material changes to the company's operations or other circumstances that may affect program efficiency.
PII VISA CISP BULLETIN MAY 14, 2007
LEVEL 4 MERCHANT COMPLIANCE PROGRAM REQUIREMENTS
1. TIMELINE OF CRITICAL EVENTS
2. RISK-PROFILING STRATEGY
3. MERCHANT EDUCATION STRATEGY
4. COMPLIANCE STRATEGY
5. COMPLIANCE REPORTING
PII CONCLUSION:
PCI DSS IS A SUBSET OF PII REGULATION
SIMPLY ASKING A MERCHANT TO ANSWER THE PCI DSS SAQ WITHOUT TRUE EDUCATION, RISK ANALYSIS AND FOLLOW-UP MONITORING FAILS TO MEET THE STANDARD
REGULATION, RISK AND LIABILITY WILL ONLY INCREASE IN THE CURRENT ENVIRONMENT
Review Articles
Federgreen, R; The facts on FACTA; The Green Sheet; 8:06:01; 2008
Federgreen, R; PCI DSS and HIPAA- The security standards share common ground. Transaction Trends; 2007
Federgreen, R; PCI Eye to eye with federal law; The Green Sheet; 7:07:02; 2007
VISA.COM/CISP