Adrs Presentation March 2008


Published on January 27, 2009

Author: guestabd20

Source: slideshare.net

Description

Identity Theft compliance laws and how I can help your business at no cost to your business

Affirmative Defense Response System (ADRS) MINIMIZE YOUR RISK

Today’s Topics

The Problem of Identity Theft

What identity theft is in reality

Laws related to identity theft that affect employers, executives and business owners

Best Answer to Problem

Layered protection

Identity theft program and training

Implementing reasonable steps at little or no cost that will lower your risk and minimize your exposure

Who Is Being Held Responsible

“A rise in identity theft is presenting employers with a major headache: They are being held liable for identity theft that occurs in the workplace.”

Douglas Hottle, Meyer, Unkovic & Scott, “Workplace Identity Theft: How to Curb an HR Headache”, BLR: Business and Legal Reports, September 19, 2006

Identity Theft Prevalent at Work

“With the workplace being the site of more than half of all identity thefts, HR executives must ‘stop thinking about data protection as solely an IT responsibility,’ says one expert. More education on appropriate handling and protection of information is necessary, among other efforts.”

“ID Thefts Prevalent at Work”, Human Resource Executive, April 5, 2007

Five Common Types of Identity Theft

Drivers License

Medical

Financial

Social Security

Character/Criminal

Identity theft is not just about credit cards.

It is a legal issue!

It is an international crime and access to an attorney may be critical.

Where the Law Becomes Logical

Correcting the victims’ records is so overwhelming it is imperative for businesses to protect the data.

“Once the credit systems accept bad data it can be next to impossible to clear.” USA Today, June 5, 2007

“Medical identity theft can impair your health and finances… and detecting this isn’t easy… and remedying the damages can be difficult.” Wall Street Journal, October 11, 2007

The Cost to Businesses

Employees can take up to 600 hours, mainly during business hours, to restore their identities

“If you experience a security breach, 20 percent of your affected customer base will no longer do business with you, 40 percent will consider ending the relationship, and 5 percent will be hiring lawyers!”*

“When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim.”*

*CIO Magazine, The Coming Pandemic, Michael Freidenberg, May 15th, 2006

Ask Yourself This Question

Why should all businesses, corporations, schools, financial institutions, hospitals and governmental bodies be concerned about identity theft, FACTA-Red Flag Rules, GLB Safeguard Rules, and state legislation?

Answer: Liability, both civil and criminal.

Important Legislation

FACTA and FACTA Red Flag Rules

Fair Credit Reporting Act

Gramm, Leach, Bliley Safeguard Rules

Individual State Laws

Be Sure To Check With Your Attorney On How This Law May Specifically Apply To You

Fair and Accurate Credit Transactions Act (FACTA)

This law applies to businesses and individuals who maintain, or otherwise possess, consumer information for a business purpose and requires businesses to develop and implement a written privacy and security program.

Employee or customer information lost under the wrong set of circumstances may cost your company:

Federal and State fines of $2500 per occurrence

Civil liability of $1000 per occurrence

Class action lawsuits with no statutory limitation

Responsible for actual losses of an individual ($92,893 Avg.)

FACTA Red Flag Rules

Red Flag Rules recently became effective in January 2008, and compliance is required by November 2008. Under these rules, covered accounts, creditors and businesses:

Must develop and implement a written privacy and security program.

Must obtain approval of the initial written program from either its board of directors or an appropriate committee of the board of directors.

Or if the business does not have a board of directors it must have a designated employee at the level of senior management. Small businesses are not exempt.

The oversight, development, implementation and administration of the program must be performed by an employee at the level of senior management.

These rules also provide that covered accounts, creditors and businesses must also ensure their service providers and subcontractors comply and have reasonable policies and procedures in place. The rules state:

Liability follows the data.

A covered entity cannot escape its obligation to comply by outsourcing an activity. Businesses must exercise appropriate and effective oversight of service provider arrangements.

Service providers and contractors must comply by implementing reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft.

Contractors with whom the covered accounts exchange PII are required to comply and have reasonable policies and procedures in place to protect information.

Fair Credit Reporting Act (FCRA)

If an employer obtains, requests or utilizes consumer reports or investigative consumer reports for hiring purposes/background screening, then the employer is subject to FCRA requirements.

www.ftc.gov/os/statutes/031224fcra.pdf

Gramm, Leach, Bliley Safeguard Rules

Eight Federal Agencies and any State can enforce this law

This law applies to organizations that maintain personal financial information regarding their clients or customers

Non-Public Information (NPI) lost under the wrong set of circumstances may result in:

Fines up to $1,000,000 per occurrence

Up to 10 Years Jail Time for Executives

Removal of management

Executives within an organization can be held accountable for non-compliance both civilly and criminally

Privacy and Security Laws

These laws apply to any organization including:

Financial Institutions*

Schools

Credit Card Firms

Insurance Companies

Lenders

Brokers

Car Dealers

Accountants

Financial Planners

Real Estate Agents

* The FTC categorizes an impressive list of businesses as FI and these so-called “non-bank” businesses comprise a huge array of firms that may be unaware they are subject to GLB.

These laws require businesses to:

Appoint, in writing, an Information Security Officer

Develop a written plan and policy to protect non-public information for employees and customers

Hold training for all employees

Oversee service provider arrangements

Protecting Personal Information: A Guide For Business

This FTC publication suggests that companies should:

“Create a culture of security by implementing a regular schedule of employee training” (pg 17)

“Make sure training includes employees at satellite offices, temporary help, and seasonal workers.” (pg 17)

“Ask every employee to sign an agreement to follow your company’s confidentiality and security standards for handling sensitive data” (pg 16)

“Before outsourcing any of your business functions – payroll, web hosting, customer call center operations, data processing, or the like – investigate the company’s data security practices . . .” (pg 19)

Your liability follows your data . . .

ABA Journal March 2006

“‘We’re not looking for a perfect system,’ Broder says. ‘But we need to see that you’ve taken reasonable steps to protect your customers’ information.’” - “Stolen Lives”, ABA Journal, March 2006

Law Firms Are Looking for Victims

“Do you suspect that a large corporation or your employer has released your private information (through an accident or otherwise)? If you are one of many thousands whose confidential information was compromised, you may have a viable class action case against that company. Contact an attorney at the national plaintiffs' law firm of Lieff Cabraser to discuss your case. Lieff Cabraser defends Americans harmed by corporate wrongdoing.”

“Instead of losing our identities one by one, we're seeing criminals grabbing them in massive chunks -- literally millions at a time.”

Why and How We Help You…

Set up reasonable steps to protect non-public information (NPI)/personally identifiable information (PII)

Help create a “Culture of Security”

Set up a potential Affirmative Defense

Help protect employees and customers while potentially decreasing your company exposure

Affirmative Defense Response System

We start the compliance process for your Company by providing templates for the appointment of the security officer and the written ID Theft security plan.

To assist your company with compliance issues we will conduct a training required by law for your employees. We will also explain the different types of ID Theft and show your employees how they can protect themselves if they become a victim and why their and your customers’ personal information needs to be protected.

We do all of this at no direct cost to your company.

1. Appointment of Security Compliance Officer

February 1, 2008

[insert employee designee]

RE: Appointment of Security Compliance Officer

Dear [employee]:

As part of [Company’s] comprehensive information security program, we are pleased to appoint you as Security Officer. As Security Officer you will be responsible to design, implement and monitor a security program to protect the security, confidentiality and integrity of personal information collected from and about our employees, consumers and vendors.

As Security Officer you will help [Company] identify material internal and external risks to the security of personal information; design and implement reasonable safeguards to control the risks identified in the risk assessment; evaluate and adjust the program in light of testing results; and continuously monitor the program and procedures.

As Security Officer, [Company] will provide you access to training courses and materials on a continuing basis.

Thank you for your commitment to [Company].

Sincerely,

[Company]

Chief Executive Officer

2. ID Theft Plan and Sensitive and Non-Public Information Policy

3. Privacy and Security Letter

4. May Reduce Company Losses

In the event of a data breach, this may help mitigate potential losses for your company. Our program may reduce your exposure to litigation, potential fines, fees and lawsuits. We will train on privacy and security laws and offer your employees a payroll deduction benefit that includes:

Credit Monitoring

Full Restoration

Access to Legal Counsel

This means employees who participate in this program may reduce your company’s exposures. The majority of the time in restoring an employee’s identity is covered by the memberships and not done on company time and/or company expense. Also, use of our Life Events Legal Plan provides help* that addresses related issues.

* Subject To Terms And Conditions

Life Events Legal Plan & Legal Shield, Monitoring Services, Restoration Services

5. Potential Early Warning System

If a number of your employees are notified of improper usage of their identities, this may act as an early warning system to your company of a possible internal breach which could further reduce your losses.

6. May Provide an Affirmative Defense

BLR says this “Provides an Affirmative Defense for the company.”

“One solution that provides an affirmative defense against potential fines, fees, and lawsuits is to offer some sort of identity theft protection as an employee benefit. An employer can choose whether or not to pay for this benefit. The key is to make the protection available, and have an employee meeting on identity theft and the protection you are making available, similar to what most employers do for health insurance … Greg Roderick, CEO of Frontier Management, says that his employees ‘feel like the company's valuing them more, and it's very personal.’”

Business and Legal Reports, January 19, 2006

7. Provide Proof You Offered A Mitigation Plan to Your Employees – Check Off Sheet

8. Mitigating Damages

Use of Confidential Information by Employee

To potentially protect yourself, you should have all employees sign this document…

It makes Employees aware of their legal responsibilities to protect NPI

It serves as proof that handlers of NPI have completed the training required by law

Be Sure To Check With Your Attorney Before Using A Form Such As This

8. Continued – This form or one similar to it is required by the FTC for all employees*

* FTC – Protecting Personal Information A Guide For Business pg 15

Use of Confidential Information By Employee

I, _______________, as an employee of _________________, do hereby acknowledge that I must comply with a number of state and federal laws which regulate the handling of confidential and personal information regarding both customers/clients of the company and its other employees. These laws may include but are not limited to FACTA, HIPAA, the Privacy Act, Gramm/Leach/Bliley, ID Theft Laws (where applicable).

I understand that I must maintain the confidentiality of ALL documents, credit card information, and personnel information of any type and that such information may only be used for the intended business purpose. Any other use of said information is strictly prohibited. Additionally, should I misuse or breach any personal information of said clients and/or employees, I understand I will be held fully accountable both civilly and criminally, which may include, but is not limited to, Federal and State fines, criminal terms, real or implied financial damage incurred by the client, employee or the company.

I have received a copy of the company’s Sensitive and Non-Public Information Policy. I understand and will fully comply with its provisions along with all other rules and regulations the company has in place regarding the handling of confidential information so as to protect the privacy of all parties involved. I also acknowledge that I have participated in a company sponsored Privacy and Security Identity Theft Training Program.

________________________________________ __________________
Employee Signature Date

________________________________________
Witness Signature

Disclaimer

The laws discussed in this presentation are, like most laws, routinely amended and interpreted through legal and social challenges. You are encouraged to review the laws and draw your own conclusions through independent research.

The associate is not an attorney, and the information provided is not to be taken as legal advice.

Your particular program must be tailored to your business’s size, complexity, and nature of its operation. Be sure to check with your attorney on how these laws may apply to you.

Although our program serves as a potential affirmative defense for your business and greatly increases your protection, this may not be an absolute defense. We make no guarantee that implementing our program will protect the business from all liability.

Legal Advisory Council

The Advisory Council was established to provide quality counsel and advice.

Duke R. Ligon, Advisory Council Member, Former Senior V.P. & General Counsel, Devon Energy Corp

Grant Woods, Advisory Council Member, Former Arizona Attorney General

Andrew P. Miller, Advisory Council Member, Former Virginia Attorney General

Mike Moore, Advisory Council Member, Former Mississippi Attorney General

Take Charge

Just like other State and Federal laws, privacy and security laws are not optional. We can assist your company in starting the compliance process before a data breach, loss, or theft affects your employees or customers!

We can help provide a solution!

When would you like to schedule your employee training?
