Personally Identifiable Information (PII)
Presentation by: Ross Federgreen, Founder, CSRSI® THE PAYMENT ADVISORS

PII covers a wide range of data elements which can be tied back to or represent a given individual and can be used to cause harm to the individual if used without proper authorization.

PII data elements include:
Address
Telephone number
Social Security number
Driver License number
Date of Birth
Bank Account number
Credit and Debit card number
State Identification number
Passwords

PII
ALL States
Federal
Civil and Criminal

PII: Federal Information Security Laws
Federal Information Security Management Act
OMB Security Act
Veterans Affairs Information Security Act
Gramm-Leach-Bliley Act
Federal Trade Commission Act (FTC Act)
Fair Credit Reporting Act
Hospital Insurance Portability and Accountability Act (HIPAA)
Public Company Accounting Reform and Investor Protection Act (Sarbanes-Oxley)
Family Educational Rights and Privacy Act (FERPA)
Drivers Advocacy Protection Act (DPPA)
Fair and Accurate Transaction Act (FACTA)
USA Patriot Act

Personally Identifiable Information – FTC: Identity theft is the most common consumer complaint

  • 35. Information and Data Breach Notification Requirements. Other bills introduced: S 806 (Pryor), S 1202 (Sessions), S 1260 (Carper), S 1558 (Coleman), HR 516 (Davis), HR 836 (Smith), HR 958 (Rush), HR 1307 (Wilson), HR 1685 (Price), HR 2124 (Davis).
  • 36. PII. As of January 2008, 39 states have enacted data security laws requiring entities to notify persons affected by security breaches and, in some cases, to implement security programs to protect the security, confidentiality and integrity of data. Six states have introduced bills or enacted legislation to strengthen merchant security and/or hold companies liable for third-party companies' costs arising from data breaches: California, Connecticut, Illinois, Massachusetts, Minnesota, Texas.
  • 37. PII. Federal Trade Commission (FTC): Identity theft is the most common complaint from consumers in all 50 states. It represents between 35% and 40% of all complaints for the years 2005, 2006 and 2007. In 2006 there were over 246,000 complaints filed.
  • 38. PII. Data Breaches; Identity Theft; Financial Crimes: Credit Card Fraud, Utilities Fraud, Bank Fraud, Mortgage Fraud, Employment Related Fraud, Government Documents Fraud, Benefits Fraud, Loan Fraud, Health Care Fraud.
  • 39. PII. Public concerns with Identity Theft: security of sensitive information; security of computer systems; federal laws protecting it; adequacy of enforcement.
  • 40. PII. LIABILITY FOR Identity Theft: Retailers, Credit Card Issuers, Payment Processors, Banks, Data Processors.
  • 41. PII. CRIMINAL PROSECUTION: FAILURE TO REPORT; UNAUTHORIZED POSSESSION; UNAUTHORIZED ACCESS; FAILURE TO SAFEGUARD.
  • 42. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008, LIFE IS GOOD.com: being embraced as a minimum standard for operating entities to comply with on a going-forward basis.
  • 43. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008: "COMPREHENSIVE INFORMATION-SECURITY PROGRAM". Includes administrative, technical and physical safeguards tailored to the size of the commercial entity, the nature of its activities and the sensitivity of the personal information collected. SIX GENERAL MANDATES.
  • 44. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008. Mandate 1: Designation of an employee or employees to coordinate the information security program.
  • 45. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008. Mandate 2: Identification of internal and external risks to the security and confidentiality of personal information, and assessment of the safeguards already in place.
  • 46. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008. Mandate 3: Creation and implementation of safeguards to control the risks identified in the risk assessment.
  • 47. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008. Mandate 4: Monitoring the effectiveness of the safeguards.
  • 48. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008. Mandate 5: Development of reasonable steps to select and oversee service providers that handle personal information.
  • 49. PII. Federal Trade Commission CONSENT DECREE, JANUARY 2008. Mandate 6: Evaluation and adjustment of the program to reflect the results of monitoring, material changes to the company's operations, or other circumstances that may affect program efficiency.
  • 50. PII. VISA CISP BULLETIN, MAY 14, 2007: LEVEL 4 MERCHANT COMPLIANCE PROGRAM REQUIREMENTS; TIMELINE OF CRITICAL EVENTS; RISK-PROFILING STRATEGY; MERCHANT EDUCATION STRATEGY; COMPLIANCE STRATEGY; COMPLIANCE REPORTING.
  • 51. PII. CONCLUSION: PCI DSS IS A SUBSET OF PII REGULATION. SIMPLY ASKING A MERCHANT TO ANSWER THE PCI DSS SAQ WITHOUT TRUE EDUCATION, RISK ANALYSIS AND FOLLOW-UP MONITORING FAILS TO MEET THE STANDARD. REGULATION, RISK AND LIABILITY WILL ONLY INCREASE IN THE CURRENT ENVIRONMENT.
  • 52. Review Articles: Federgreen, R. The facts on FACTA. The Green Sheet; 8:06:01; 2008. Federgreen, R. PCI DSS and HIPAA: The security standards share common ground. Transaction Trends; 2007. Federgreen, R. PCI eye to eye with federal law. The Green Sheet; 7:07:02; 2007. VISA.COM/CISP.
  • 55. QUESTIONS? CSRSI.COM, PCITOOLKIT.COM, Rfedergreen@csrsi.com, 866 462 7774 ext 1