Personal Information Protection

1
Personal Information Protection

• MaryEllen Callaghan
• Director for Human Resources
• May 2007

2
What is Personal Information?

• Personal Information is information that allows
  you to identify an individual student,
  prospective student or employee. This may
  include
• Names
• Addresses
• Phone Numbers
• Bank and Credit Card Account Numbers
• Income and Credit Histories
• Social Security Numbers
• Age
• Gender
• Income
• Employment
• Assets or Liabilities
• Personal References
• Health Records

3
Federal Trade Commission

• Identity Theft Video
• http//www.ftc.gov/bcp/edu/microsites/idtheft/

4
Sample Cases of Theft

• A person successfully installed keylogging
  software in 14 Kinko stores in the New York City
  area, without Kinkos knowledge or permission.
  He was able to capture customers usernames and
  passwords.
• An Israeli man was arrested for hacking into a US
  electronics companys system and stealing the
  personal information (including credit card
  numbers) of 80,000 customers.
• A former employee of a Long Island software
  company, Teledata Communications allegedly stole
  the credit histories of thousands of customers.
• An employee of the Temptation Restaurant in Boca
  Grande, was arrested after stealing credit card
  numbers of customers by using an electronic
  devise to skim their credit cards.
• Better Business Bureau
• www.bbb.org

5
National Identity Theft Data
http//www.ftc.gov/bcp/edu/microsites/idtheft/down
loads/clearinghouse_2006.pdf
6
New York State Identity Theft Data
http//www.consumer.gov/idtheft/pdf/CY2005/New20Y
ork20CY-2005.pdf
7
Methods of Theft

• Dumpster Diving. Rummaging through trash looking
  for bills or other paper with personal
  information.
• Skimming. Stealing credit/debit card numbers by
  using a special storage device when processing
  credit cards.
• Phishing. Pretending to be financial institutions
  or companies and send spam or pop-up messages to
  get individuals to reveal personal information.
• Changing Your Address. Diverting billing
  statements to another location by completing a
  "change of address" form.
• "Old-Fashioned" Stealing. Stealing wallets and
  purses mail, including bank and credit card
  statements pre-approved credit offers and new
  checks or tax information. This includes stealing
  personnel records from employers, or bribing
  employees who have access.

8
Deterring Theft Tips from the Better Business
Bureau

• Identify and assess risks to personal information
  in your department and in your own position.
• If you dont need it, dont collect it.
• If you need it once, dont save it longer.
• If you have to keep it, keep it secure.
• Dont broadcast personal information.
• Dont give employee or student information to
  anyone. When in doubt, forward the requestor to
  the Director for Human Resources.
• Shred financial documents and paperwork with
  personal information before discarding them.
• Limit access to personal data to only those
  employees who truly need it.
• Use complex passwords and change them at least
  every 90 days. A tough to crack password is at
  least six characters, upper and lower case with a
  combination of letters, numbers and symbols.

9
Deterring Theft Tips from the FTC

• Protect your Social Security number. Don't carry
  your Social Security card in your wallet or write
  your Social Security number on a check. Give it
  out only if absolutely necessary or ask to use
  another identifier.
• Don't give out personal information on the phone,
  through the mail, or over the Internet unless you
  know who you are dealing with.
• Never click on links sent in unsolicited emails
  instead, type in a web address you know. Use
  firewalls, anti-spyware, and anti-virus software
  to protect your home computer keep them
  up-to-date. Visit OnGuardOnline.gov for more
  information.
• Don't use an obvious password like your birth
  date, your mother's maiden name, or the last four
  digits of your Social Security number.
• Keep your personal information in a secure place
  at home, especially if you have roommates, employ
  outside help, or are having work done in your
  house.

10
Detecting Theft Tips from the FTC

• Detect suspicious activity by routinely
  monitoring your financial accounts and billing
  statements.
• Be alert to signs that require immediate
  attention
• Bills that do not arrive as expected
• Unexpected credit cards or account statements
• Denials of credit for no apparent reason
• Calls or letters about purchases you did not make
  
• Inspect
• Your credit report. Credit reports contain
  information about you, including what accounts
  you have and your bill paying history.
• The law requires the major nationwide consumer
  reporting companiesEquifax, Experian, and
  TransUnionto give you a free copy of your credit
  report each year if you ask for it.
• Visit www.AnnualCreditReport.com or call
  1-877-322-8228, a service created by these three
  companies, to order your free credit reports each
  year. You also can write Annual Credit Report
  Request Service, P.O. Box 105281, Atlanta, GA
  30348-5281.
• Your financial statements. Review financial
  accounts and billing statements regularly,
  looking for charges you did not make.

11
Defending Against Theft Tips from the FTC

• Place a "Fraud Alert" on your credit reports, and
  review the reports carefully. The alert tells
  creditors to follow certain procedures before
  they open new accounts in your name or make
  changes to your existing accounts. The three
  nationwide consumer reporting companies have
  toll-free numbers for placing an initial 90-day
  fraud alert a call to one company is sufficient
  
• Equifax 1-800-525-6285 Experian 1-888-EXPERIAN
  (397-3742) TransUnion 1-800-680-7289
• Placing a fraud alert entitles you to free copies
  of your credit reports. Look for inquiries from
  companies you haven't contacted, accounts you
  didn't open, and debts on your accounts that you
  can't explain.
• Close accounts. Close any accounts that have been
  tampered with or established fraudulently.
• Call the security or fraud departments of each
  company where an account was opened or changed
  without your okay. Follow up in writing, with
  copies of supporting documents.
• Use the ID Theft Affidavit at ftc.gov/idtheft to
  support your written statement.
• Ask for verification that the disputed account
  has been closed and the fraudulent debts
  discharged.
• Keep copies of documents and records of your
  conversations about the theft.

12
Defending Against Theft Tips from the FTC

• File a police report. File a report with law
  enforcement officials to help you with creditors
  who may want proof of the crime.
• Report the theft to the Federal Trade Commission.
  Your report helps law enforcement officials
  across the country in their investigations.
• Online ftc.gov/idtheft
• By phone 1-877-ID-THEFT (438-4338) or TTY,
  1-866-653-4261
• By mail Identity Theft Clearinghouse, Federal
  Trade Commission, Washington, DC 20580

13
The Iona College Information Security Policy

• As part of the Iona College Information Security
  Policy, each employee is responsible for the
  following
• Safeguarding personally identifying information
  which may include such things as name, address,
  age, gender, identification numbers (employee ID
  and Social Security Numbers), income, employment,
  assets, liabilities, source of funds, payment
  records, personal references and health records.
  This includes paper and electronic files and
  recordkeeping (please see the Computer Security
  and Usage Policy 12.8 and Agreement for Use of
  Personal Computers Form 154).
• Securely locking files and paper records
  containing personal information.
• Ensuring computers and applicable programs are
  password protected (please see the Computer
  Security and Usage Policy 12.8 and Agreement for
  Use of Personal Computers Form 154).
• Ensuring computer passwords are used consistently
  and changed frequently (please see the Computer
  Security and Usage Policy 12.8 and Agreement for
  Use of Personal Computers Form 154).
• Shredding and carefully disposing of records
  containing personally identifying information.
• Limiting access to personal information to only
  those who have an absolute need for its use.
• Disallowing the dissemination of personal
  information to outside parties without specific
  prior permission from the Director for Human
  Resources and/or the Vice Provost for Information
  Technology.
• Immediately reporting a breach in data security
  to the Director for Campus Safety and Security
  and the Director for Human Resources and/or the
  Vice Provost for Information Technology.

14
Iona College Contact Information

• Vice Provost for Information Technology
• Joanne Steele
• x2691
• Director for Campus Safety and Security
• Dominic Locatelli
• x2245
• Director for Human Resources
• MaryEllen Callaghan
• x2067

15
For Additional Information

• Federal Trade Commission
• www.ftc.gov/idtheft
• The Better Business Bureau
• www.bbb.org
• US Department of Justice
• www.usdoj.gov/criminal/fraud/idtheft.html