Keeping Customer/Client Identity Information Safe – Oregon Identify Theft Act requirements

This is an excerpt from a great lunch and learn we had today at the Tigard Chamber on the Oregon Identity Theft Act and what is required to protect consumer/customer/client identify information.   This information was presented by Diane Childs with the State of Oregon, Dept of Consumer & Business Services. The Oregon Identity Theft act applies to businesses, nonprofits and government entities  that are collecting, maintaining and sharing personal identifying information from clients, consumers, and customers.  This includes social security numbers, drivers license numbers and financial account numbers such as checking accounts, credit card numbers etc. Oregon ranked  # 30 in identity theft crime, we used to be #13, so things have improved dramatically.  The top methods of identity theft are:19.5% hacking
16.9% insider theft
15.7% data on the move. a laptop, thumb drive or other mobile electronic device with personal info that gets lost or stolen
“Personal identifying info” is classified as someone’s name in conjunction with their:
Social Security Number
Driver License number
Passport Number
Financial account info
A “security breach is when personal identifying info gets out in computer format. How to protect consumer data – To safe guard info you must develop, implement and maintain reasonable safeguards including proper disposal of that information. Develop a working plan
Top down
All electronic systems should be included
Apply to all employees and users and their devices
“clean desk policy” personal identifying info is not lying around, you now where it is
Assess – know where your information is and who has access to it.
Protect – locking file cabinet
Reduce – getting rid of documents
Train – people know that you need clients and customers to trust you
Detect – issues with our computer, go with your gut
Destroy – shred, get rid of info on hard drives copy machines have hard drives
For those under Graham-Leach-Bliley and HIPPA you should follow safeguards required under these acts.
for employees follow Oregon law for you employees
To prevent theft of social security numbers follow these steps:
No posting or displaying
No printing on materials  sent thru mail if not requested unless redacted
No printing consumer name and SSN on a card used by consumer to access products or services
*Exceptions records required by state or federal law If sensitive data stolen
If computerized personal identifying info is stolen send info to customer as soon as possible
Notify credit reporting agencies if more than 1000 people impacted
Use Mail, email, phone
For more info www.Dfcs.Oregon.gov. Click on identity theft or phone 503-378-4140. From attendee dialogue: From a local banker – If you have business checking and credit/debit cards associated with it , need online banking as you only have 24 hours to catch fraudulent charges if you want them reversed.  If find later than that, may not get reimbursed.  Check your accounts daily. From an web designer – Gas Stations and restaurants only place where your credit card walks away for the payment to be transacted, something to think about.  Maybe take it up yourself. You can use Ic3.gov to report complaints on bogus emails searching for personal identifying information.  There have been some recently posing as if they were from PayPal, UPS, Fedex and the IRS. Interested in Tigard Chamber lunch and learns?  We hold them the 1st and 3rd Wednesday of each month from noon-1:00 p.m. at the chamber.  Check our website at www.tigardchamber.org/site/directory/events to see what topics are coming up, or subscribe to our weekly newsletter by e-mailing the Tigard Chamber at info@tigardchamber.org  

Leave a Reply

Your email address will not be published.