3. “ A rise in identity theft is presenting employers with a major headache: They are being held liable for identity theft that occurs in the workplace.” Douglas Hottle, Meyer, Unkovic & Scott, “ Workplace Identity Theft: How to Curb an HR Headache” BLR: Business and Legal Reports , September 19, 2006 Who Is Being Held Responsible
4.
5.
6. Correcting the victims’ records is so overwhelming it is imperative for businesses to protect the data. Where the Law Becomes Logical “ Once the credit systems accept bad data it can be next to impossible to clear.” USAToday June 5, 2007 “ Medical identity theft can impair your health and finances… and detecting this isn’t easy… and remedying the damages can be difficult.” Wall Street Journal October 11, 2007 TM
7.
8. Why should all businesses, corporations, schools, financial institutions, hospitals and governmental bodies be concerned about identity theft, FACTA-Red Flag Rules, GLB Safeguard Rules, and state legislation? Answer: Liability, both civil and criminal. Ask Yourself This Question
9.
10.
11.
12.
13. If an employer obtains, requests or utilizes consumer reports or investigative consumer reports for hiring purposes/background screening, then the employer is subject to FCRA requirements. www.ftc.gov/os/statutes/031224fcra.pdf Fair Credit Reporting Act (FCRA) Be Sure To Check With Your Attorney On How This Law May Specifically Apply To You
21. Law Firms Are Looking for Victims “ Do you suspect that a large corporation or your employer has released your private information (through an accident or otherwise)? If you are one of many thousands whose confidential information was compromised, you may have a viable class action case against that company. Contact an attorney at the national plaintiffs' law firm of Lieff Cabraser to discuss your case. Lieff Cabraser defends Americans harmed by corporate wrongdoing.” “ Instead of losing our identities one by one, we're seeing criminals grabbing them in massive chunks -- literally millions at a time.”
22.
23.
24.
25. 2. ID Theft Plan and Sensitive and Non-Public Information Policy
28. If a number of your employees are notified of improper usage of their identities, this may act as an early warning system to your company of a possible internal breach which could further reduce your losses. 5. Potential Early Warning System
29. BLR says this “Provides an Affirmative Defense for the company.” 6. May Provide an Affirmative Defense “ One solution that provides an affirmative defense against potential fines, fees, and lawsuits is to offer some sort of identity theft protection as an employee benefit. An employer can choose whether or not to pay for this benefit . The key is to make the protection available, and have a employee meeting on identity theft and the protection you are making available, similar to what most employers do for health insurance … Greg Roderick, CEO of Frontier Management, says that his employees "feel like the company's valuing them more, and it's very personal." Business and Legal Reports January 19, 2006
30. 7 . Provide Proof You Offered A Mitigation Plan to Your Employees – Check Off Sheet
31.
32. 8. Continued – This form or one similar to it is required by the FTC for all employees* * FTC – Protecting Personal Information A Guide For Business pg 15 Use of Confidential Information By Employee I_______________ As an employee of _________________ I do hereby acknowledge that I must comply with a number of state and federal laws which regulate the handling of confidential and personal information regarding both customers/clients of the company and it’s other employees. These laws may include but not limited to FACTA, HIPPA, the Privacy Act, Gramm/Leach/Biley, ID Theft Laws (where applicable). I understand that I must maintain the confidentiality of ALL documents, credit card Information, and personnel information of any type and that such information may only be used for the intended business purpose. Any other use of said information is strictly prohibited. Additionally, should I misuse or breach and personal information of said clients and or employees, I understand I will be held fully accountable both civilly and criminally, which may include, but no limited to, Federal and State fines, criminal terms, real or implied financial damage incurred by the client, employee or the company. I have received a copy of the company’s Sensitive and Non-Public Information Policy. I understand and will fully comply with its provisions along with all other rules and regulations the company has in place regarding the handling of confidential information so as to protect the privacy of all parties involved. I also acknowledge that I have participated in a company sponsored Privacy and Security Identity Theft Training Program. ________________________________________ __________________ Employee Signature Date ________________________________________ Witness Signature
33.
34. The Advisory Council was established to provide quality counsel and advice. Legal Advisory Council Duke R. Ligon Advisory Council Member Former Senior V.P. & General Counsel Devon Energy Corp Grant Woods Advisory Council Member Former Arizona Attorney General Andrew P. Miller Advisory Council Member Former Virginia Attorney General Mike Moore Advisory Council Member Former Mississippi Attorney General
35. Just like other State and Federal laws, privacy and security laws are not optional. We can assist your company in starting the compliance process before a data breach, loss, or theft affects your employees or customers! Take Charge We can help provide a solution ! When would you like to schedule your employee training ?