Keeping Customer/Client Identity Information Safe – Oregon Identify Theft Act requirements

This is an excerpt from a great lunch and learn we had today at the Tigard Chamber on the Oregon Identity Theft Act and what is required to protect consumer/customer/client identify information.   This information was presented by Diane Childs with the State of Oregon, Dept of Consumer & Business Services. The Oregon Identity Theft act applies to businesses, nonprofits and government entities  that are collecting, maintaining and sharing personal identifying information from clients, consumers, and customers.  This includes social security numbers, drivers license numbers and financial account numbers such as checking accounts, credit card numbers etc. Oregon ranked  # 30 in identity theft crime, we used to be #13, so things have improved dramatically.  The top methods of identity theft are:19.5% hacking 16.9% insider theft 15.7% data on the move. a laptop, thumb drive or other mobile electronic device with personal info that gets lost or stolen “Personal identifying info” is classified as someone’s name in conjunction with their: Social Security Number Driver License number Passport Number Financial account info A “security breach is when personal identifying info gets out in computer format. How to protect consumer data – To safe guard info you must develop, implement and maintain reasonable safeguards including proper disposal of that information. Develop a working plan Top down All electronic systems should be included Apply to all employees and users and their devices “clean desk policy” personal identifying info is not lying around, you now where it is Assess – know where your information is and who has access to it. Protect – locking file cabinet Reduce – getting rid of documents Train – people know that you need clients and customers to trust you Detect – issues with our computer, go with your gut Destroy – shred, get rid of info on hard drives copy machines have hard drives For those under Graham-Leach-Bliley and HIPPA you should follow safeguards required under these acts. for employees follow Oregon law for you employees To prevent theft of social security numbers follow these steps: No posting or displaying No printing on materials  sent thru mail if not requested unless redacted No printing consumer name and SSN on a card used by consumer to access products or services *Exceptions records required by state or federal law If sensitive data stolen If computerized personal identifying info is stolen send info to customer as soon as possible Notify credit reporting agencies if more than 1000 people impacted Use Mail, email, phone For more info www.Dfcs.Oregon.gov. Click on identity theft or phone 503-378-4140. From attendee dialogue: From a local banker – If you have business checking and credit/debit cards associated with it , need online banking as you only have 24 hours to catch fraudulent charges if you want them reversed.  If find later than that, may not get reimbursed.  Check your accounts daily. From an web designer – Gas Stations and restaurants only place where your credit card walks away for the payment to be transacted, something to think about.  Maybe take it up yourself. You can use Ic3.gov to report complaints on bogus emails searching for personal identifying information.  There have been some recently posing as if they were from PayPal, UPS, Fedex and the IRS. Interested in Tigard Chamber lunch and learns?  We hold them the 1st and 3rd Wednesday of each month from noon-1:00 p.m. at the chamber.  Check our website at www.tigardchamber.org/site/directory/events to see what topics are coming up, or subscribe to our weekly newsletter by e-mailing the Tigard Chamber at info@tigardchamber.org  

Leave a Reply

Your email address will not be published. Required fields are marked *