Privacy Security
Felecia Vlahos, Information Security Officer
Information Privacy
Prevention of intentional or unintentional unauthorized disclosure of information
Types of private information
Medical (ADHD, AIDS, etc.)
Relational (heritage, sexual)
Academic (grades)
Financial (accounts, SSN)
Business (mergers, recipe)
Military (locations, weapons)
Religious (Christian, Muslim)
Etc.
http://www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf
2004 = http://www.consumer.gov/idtheft/stats.html 2005 = www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf
Damages
Financial Fraud (they use your money)
Charges on credit card ($50, new card)
Drain of account (depends, new account/password)
Serious Damages
Identity Theft (they become you!)
Lots of financial fraud ($50x?, ? new cards)
New credit established (time/money to prove your identity, lower credit rate/loss of car or home/need to use deposit accounts, hounded by collectors)
New address established (time/money to prove your identity, unable to rent)
Police record (time in jail/bail!!, trial/loss of job)
Military record (time in the brig, new career)
Key to Lower Damages
Early detection!
How to Detect? http://onguardonline.gov/quiz/idtheft_quiz.html
How to Detect? http://www.consumer.gov/idtheft/pdf/synovatereport.pdf
Who will Detect? WAS http://www.consumer.gov/idtheft/stats.html
Where is the Information?
Paper
Tapes/floppies
CDROM/usb drive
File/web/database servers
Desktops (home and work)
Laptop/iPod/Palm Pilot
Treo/Blackberry/cell phones
Who is collecting the Information?
Business (water company, ebay, rental, real estate, UPS)
Membership (library, Vons, gym)
Credit bureaus
Health (doctor, dentist, hospital, vet)
Education (preschool, elem, JHS, HS, college)
Insurance (health, car, home)
Child care
Banking (checking, credit cards, loans)
Laws & Regulations
Federal laws
The Family Education Rights and Privacy Act of 1974 (FERPA)
Gramm-Leach-Bliley Act of 1999
Health Care Portability and Accountability Act of 1996 (HIPAA)
USA Patriot Act of 2001
The Freedom of Information Act (5 U.S.C. § 552, As Amended by Public Law No. 104-231, 110 Stat. 3048)
Fair and Accurate Credit Transactions Act of 2003 (FACTA)
FTC (16CFR, Part 314), Standards for Safeguarding Customer Information: Final Rule, May 23, 2002
State laws
California Civil Code 1798 (Information Practices Act of 1977; Notification of security breaches; restricted use of security numbers California)
California Penal Code 530.5 (Identity Theft)
California Code of Regulations, Title 5, Education, Section 42396-42396.5 (Privacy and Personal Information Management)
California Education Code, Section 89546, Employee Access Information Pertaining to Themselves
Comprehensive Computer Data Access and Fraud Act (California Penal Code, Section 502)
Government Code 6250-6265 (California Public Records Act)
Benefits Derived
Required to develop a security plan (security.sdsu.edu)
Prohibited from:
1. Publicly posting or displaying an individual’s social security number.
2. Printing an individual’s social security number on any card required for access to products or services.
3. Requiring an individual to transmit his/her social security number over the Internet, unless the connection is secure or the social security number is encrypted.
4. Requiring an individual to use a social security number to access an Internet Web site, unless a password, unique personal identification number, or other authentication device is required also.
5. Printing an individual’s social security number on materials that are mailed. A social security number may not be printed on a postcard or visible on an envelope.
6. Encoding or embedding a social security number in a card or document, including using a bar code, chip, magnetic strip, or any other technology.
After December 4, 2006, companies will not be allowed to print your credit or debit card expiration date or more than the last 5 digits of your card number on your electronic receipt.
Protect Yourself!!
Decline to provide the information (Digitizers, SD County Library, BoA fingerprint)
Free Credit Report Annually: https://www.annualcreditreport.com
Favorite ID Theft sites:
http://www.ou.edu/oupd/inetmenu.htm
http://www.privacy.ca.gov/
Credit bureaus: (fraud alert, freeze/suspend files, subscription services)
Equifax - www.equifax.com
Experian - www.experian.com
Trans Union - www.transunion.com
Minimize the risk:
ATM/Credit card combination
SSN on auto deposit
Storage of data offline
Subscription Service
Scary Email Spring 2006
Login to Service
Credit alerts in last 30 days
Contact information
Contact Information
Information Technology Security Office
Felecia Vlahos
Information Security [email protected]
619-594-4049