Privacy Security

Privacy Security Felecia Vlahos Information Security Officer


Transcript of Privacy Security

Page 1: Privacy Security

Privacy Security

Felecia Vlahos, Information Security Officer

Page 2: Privacy Security

Information Privacy

Prevention of intentional or unintentional unauthorized disclosure of information

Page 3: Privacy Security

Types of private information

Medical (ADHD, AIDS, etc.)

Relational (heritage, sexual)

Academic (grades)

Financial (accounts, SSN)

Business (mergers, recipe)

Military (locations, weapons)

Religious (Christian, Muslim)

Etc.

Page 4: Privacy Security

http://www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf

Page 5: Privacy Security

2004 = http://www.consumer.gov/idtheft/stats.html

2005 = www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf

Page 6: Privacy Security

2004 = http://www.consumer.gov/idtheft/stats.html

2005 = www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf

Page 7: Privacy Security

Damages

Financial Fraud (they use your money)

Charges on credit card ($50, new card)

Drain of account (depends, new account/password)

Page 8: Privacy Security

Serious Damages

Identity Theft (they become you!)

Lots of financial fraud ($50x?, ? new cards)

New credit established (time/money to prove your identity, lower credit rate/loss of car or home/need to use deposit accounts, hounded by collectors)

New address established (time/money to prove your identity, unable to rent)

Police record (time in jail/bail!!, trial/loss of job)

Military record (time in the brig, new career)

Page 9: Privacy Security

Key to Lower Damages

Early detection!

Page 10: Privacy Security

How to Detect?

http://onguardonline.gov/quiz/idtheft_quiz.html

Page 11: Privacy Security

How to Detect?

Page 12: Privacy Security

How to Detect?

Page 13: Privacy Security

How to Detect?

http://www.consumer.gov/idtheft/pdf/synovatereport.pdf

Page 14: Privacy Security

Who will Detect? WAS http://www.consumer.gov/idtheft/stats.html

Page 15: Privacy Security

Where is the Information?

Paper

Tapes/floppies

CDROM/USB drive

File/web/database servers

Desktops (home and work)

Laptop/iPod/Palm Pilot

Treo/Blackberry/cell phones

Page 16: Privacy Security

Who is collecting the Information?

Business (water company, eBay, rental, real estate, UPS)

Membership (library, Vons, gym)

Credit bureaus

Health (doctor, dentist, hospital, vet)

Education (preschool, elem, JHS, HS, college)

Insurance (health, car, home)

Child care

Banking (checking, credit cards, loans)

Page 17: Privacy Security

Laws & Regulations

Federal laws

The Family Education Rights and Privacy Act of 1974 (FERPA)

Gramm-Leach-Bliley Act of 1999

Health Care Portability and Accountability Act of 1996 (HIPAA)

USA Patriot Act of 2001

The Freedom of Information Act (5 U.S.C. § 552, As Amended by Public Law No. 104-231, 110 Stat. 3048)

Fair and Accurate Credit Transactions Act of 2003 (FACTA)

FTC (16 CFR, Part 314), Standards for Safeguarding Customer Information: Final Rule, May 23, 2002

State laws

California Civil Code 1798 (Information Practices Act of 1977; Notification of security breaches; restricted use of security numbers California)

California Penal Code 530.5 (Identity Theft)

California Code of Regulations, Title 5, Education, Section 42396-42396.5 (Privacy and Personal Information Management)

California Education Code, Section 89546, Employee Access Information Pertaining to Themselves

Comprehensive Computer Data Access and Fraud Act (California Penal Code, Section 502)

Government Code 6250-6265 (California Public Records Act)

Page 18: Privacy Security

Benefits Derived

Required to develop a security plan (security.sdsu.edu)

Prohibited from:

1. Publicly posting or displaying an individual’s social security number.

2. Printing an individual’s social security number on any card required for access to products or services.

3. Requiring an individual to transmit his/her social security number over the Internet, unless the connection is secure or the social security number is encrypted.

4. Requiring an individual to use a social security number to access an Internet Web site, unless a password, unique personal identification number, or other authentication device is required also.

5. Printing an individual’s social security number on materials that are mailed. A social security number may not be printed on a postcard or visible on an envelope.

6. Encoding or embedding a social security number in a card or document, including using a bar code, chip, magnetic strip, or any other technology.

After December 4, 2006, companies will not be allowed to print your credit or debit card expiration date or more than the last 5 digits of your card number on your electronic receipt.

Page 19: Privacy Security

Protect Yourself!!

Decline to provide the information (Digitizers, SD County Library, BoA fingerprint)

Free Credit Report Annually: https://www.annualcreditreport.com

Favorite ID Theft sites:

http://www.ou.edu/oupd/inetmenu.htm

http://www.privacy.ca.gov/

Credit bureaus: (fraud alert, freeze/suspend files, subscription services)

Equifax - www.equifax.com

Experian - www.experian.com

Trans Union - www.transunion.com

Minimize the risk:

ATM/Credit card combination

SSN on auto deposit

Storage of data offline

Page 20: Privacy Security

Subscription Service

Page 21: Privacy Security

Scary Email Spring 2006

Page 22: Privacy Security

Login to Service

Page 23: Privacy Security

Credit alerts in last 30 days

Page 24: Privacy Security

Contact information

Page 25: Privacy Security

Contact Information

Information Technology Security Office

Felecia Vlahos

Information Security Officer

[email protected]

619-594-4049