|
In June 2005, the U.S. Department of Justice (DOJ) clarified who can be held criminally liable under HIPAA. Covered entities and specified individuals, as explained below, whom "knowingly" obtain or disclose individually identifiable health information in violation of the Administrative Simplification Regulations face a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000, and imprisonment for up to ten years.
Covered Entity and Specified Individuals
The DOJ concluded that the criminal penalties for a violation of HIPAA are directly applicable to covered entities-including health plans, health care clearinghouses, health care providers who transmit claims in electronic form, and Medicare prescription drug card sponsors. Individuals such as directors, employees, or officers of the covered entity, where the covered entity is not an individual, may also be directly criminally liable under HIPAA in accordance with principles of "corporate criminal liability." Where an individual of a covered entity is not directly liable under HIPAA, they can still be charged with conspiracy or aiding and abetting.
Knowingly
The DOJ interpreted the "knowingly" element of the HIPAA statute for criminal liability as requiring only knowledge of the actions that constitute an offense. Specific knowledge of an action being in violation of the HIPAA statute is not required.
Full DOJ memorandum (This link will take you off the AMA Web site. The AMA is not responsible for the content of other Web sites.)
Exclusion
The Department of Health and Human Services (DHHS) has the authority to exclude from participation in Medicare any covered entity that was not compliant with the transaction and code set standards by October 16, 2003 (where an extension was obtained and the covered entity is not small) (68 FR 48805).
Enforcing Agencies
The DHHS Office of Civil Rights (OCR) enforces the privacy standards, while the Centers for Medicare & Medicaid (CMS) enforces both the transaction and code set standards and the security standards (65 FR 18895). Enforcement of the civil monetary provisions has not yet been tasked to an agency.
3/21/06
A mortgage company identified during a nationwide sweep monitoring compliance with federal privacy laws settled FTC charges on March 4 that it failed to adequately protect customers' personal and financial information. In late 2004, the FTC charged the company with violating the Gramm-Leach-Bliley ("GLB") Safeguards Rule. This rule requires financial institutions to implement policies and procedures to ensure the security of customer information. This is the second FTC settlement resolving alleged violations of the GLB Safeguards Rule. According to the FTC's complaint, Nationwide Mortgage Group, Inc. failed to assess risks to sensitive customer information; implement safeguards to control these risks; train employees on information security issues; oversee loan holders' handling of customer information; or monitor its computer network for vulnerabilities. The FTC also alleged that the company violated the GLB Privacy Rule by failing to provide required privacy notices to consumers explaining how their personal information may be used or disclosed. The Safeguards Rule requires financial institutions to implement a written program to secure customers' information. In addition to mortgage companies and other traditional financial institutions, the Rule covers entities such as payday lenders, tax preparers, auto dealers, credit counselors, and retailers that issue credit cards. To accommodate the wide range of institutions covered, the Rule allows each institution to develop a program that is appropriate to its size and complexity, the sensitivity of the information it handles, and the nature and scope of its business.
3/20/06
FTC Enforces Gramm-Leach-Bliley Act's Safeguards Rule Against Mortgage Companies
Agency Alleges Companies Failed to Protect Customers' Personal Information
As part of a nationwide compliance sweep, the Federal Trade Commission has charged two mortgage companies with violating the agency's Gramm-Leach-Bliley (GLB) Safeguards Rule by not having reasonable protections for customers' sensitive personal and financial information. In an administrative action filed against Nationwide Mortgage Group, Inc. (Nationwide) and its president John D. Eubank, the FTC alleged that the Fairfax, Virginia-based mortgage broker failed to implement safeguards to protect its customers' names, social security numbers, credit histories, bank account numbers, income tax returns, and other sensitive financial information. Sunbelt Lending Services, Inc. (Sunbelt), a subsidiary of Cendant Mortgage Corporation with headquarters in Clearwater, Florida, has agreed to settle similar FTC charges. The settlement with Sunbelt will bar future violations of the Safeguards Rule and require biannual audits of Sunbelt's information security program by a qualified, independent professional for 10 years. These are the FTC's first cases enforcing the Safeguards Rule.
The Safeguards Rule, which implements the security requirements of the GLB Act, requires financial institutions to have reasonable policies and procedures to ensure the security and confidentiality of customer information. The "financial institutions" covered by the Rule include not only lenders and other traditional financial institutions, but also companies providing many other types of financial products and services to consumers. These institutions include, for example, payday lenders, check-cashing businesses, professional tax preparers, auto dealers engaged in financing or leasing, electronic funds transfer networks, mortgage brokers, credit counselors, real estate settlement companies, and retailers that issue credit cards to consumers.
The Rule is intended to be flexible to accommodate the wide range of entities covered by GLB, as well as the wide range of circumstances companies face in securing customer information. Accordingly, the Rule requires financial institutions to implement a written information security program that is appropriate to the company's size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. As part of its program, each financial institution must also: (1) assign one or more employees to oversee the program; (2) conduct a risk assessment; (3) put safeguards in place to control the risks identified in the assessment and regularly test and monitor them; (4) require service providers, by written contract, to protect customers' personal information; and (5) periodically update its security program.
The FTC targeted Nationwide and Sunbelt as part of a nationwide sweep of automobile dealers and mortgage companies to assess compliance with the Rule. Although the sweep showed compliance by many of the companies targeted, it also showed significant failures to comply by Nationwide and Sunbelt. According to the FTC's complaints, both companies failed to comply with the Rule's basic requirements, including that they assess the risks to sensitive customer information and implement safeguards to control these risks. In addition, Nationwide failed to train its employees on information security issues; oversee its loan officers' handling of customer information; and monitor its computer network for vulnerabilities. Sunbelt also failed to oversee the security practices of its service providers and of its loan officers working from remote locations throughout the state of Florida.
Finally, the complaint alleges that both companies violated the GLB Privacy Rule, which requires financial institutions to provide consumers with privacy notices describing how they use and disclose consumers' personal information. According to the complaints, Nationwide did not provide the privacy notices to its customers, and Sunbelt did not provide the notices to its online customers.
The proposed consent order with Sunbelt bars the company from future violations of the Safeguards Rule and the Privacy Rule. In addition, the company must have its security program certified as meeting or exceeding the standards in the consent order by an independent professional within six months and every other year thereafter for 10 years. The order also contains standard recordkeeping provisions to allow the FTC to monitor Sunbelt's compliance.
The Commission votes to issue the administrative complaint against Nationwide and to accept the consent agreement with Sunbelt were 5-0.
The FTC will publish an announcement regarding the agreement with Sunbelt in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through December 15, after which the Commission will decide whether to make it final. Comments should be addressed to the FTC, Office of the Secretary, Room H-159, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.
NOTE: The Commission issues a complaint when it has "reason to believe" that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the respondents have actually violated the law. Such action marks the beginning of a proceeding in which the allegations will be ruled upon after a formal hearing.
NOTE: The consent agreement for Sunbelt is for settlement purposes only and does not constitute an admission by the defendant of a law violation.
3/21/06
Identity Thefts Reported for New Jersey, 2004.
NEW JERSEY
Consumer Sentinel Complaint Statistics and Trends
January 1 - December 31, 2004
Total Number of Fraud and Identity Theft Complaints from New Jersey Consumers = 16,447
Identity Theft Types Reported by New Jersey Victims
Identity Theft Complaints from New Jersey Victims = 6,530
1Percentages are based on the 6,530 victims reporting from New Jersey. Percentages
add to more than 100 because approximately 18% of victims from New Jersey reported
experiencing more than one type of identity theft.
2Includes fraud involving checking and savings accounts and electronic fund transfers.
Top New Jersey
Identity Theft Victim Locations
Victim City No. of Victims
Newark 269
Jersey City 254
Paterson 113
Elizabeth 93
Trenton 93
2Average amount paid is based on the total number of fraud complaints where amount paid was
reported by New Jersey consumers (7,977).
Fraud Complaints from New Jersey Consumers = 9,917
1Percentages are based on the total number of fraud complaints from New Jersey consumers (9,917).
Top New Jersey Consumer Locations for Fraud Complaints
Amount Paid Reported by New Jersey Consumers
Top Fraud Complaint Categories for New Jersey Consumers
Consumer City No. of Complaints
Jersey City 244
Toms River 156
Newark 155
Edison 140
Trenton 122
Rank Top Categories Complaints Percentage1
1 Internet Auctions 2,795 28%
2 Shop-at-Home/Catalog Sales 1,530 15%
3 Internet Services and Computer Complaints 889 9%
4 Prizes/Sweepstakes and Lotteries 772 8%
5 Foreign Money Offers 746 8%
Rank Identity Theft Type No. of Victims Percentage1
1 Credit Card Fraud 2,299 35%
2 Phone or Utilities Fraud 1,073 16%
3 Bank Fraud2 849 13%
4 Employment-Related Fraud 607 9%
5 Government Documents or Benefits Fraud 463 7%
6 Loan Fraud 408 6%
Other 1,484 23%
Attempted Identity Theft 578 9%
Federal Trade Commission Page 46 of 66 Created February 1, 2005
3/20/06
Accurate Document Destruction, Inc. is now servicing 3,000 active accounts in New Jersey, New York and Pennsylvania. Since January 1st, 2006 through March 20th 2006 we have added 210 new clients.
1/ 02 /2006
The State of New Jersey has enacted the Identity Theft Protection Act. The law requires all business to shred any and all documents relating to their customers that contain "identifiers" ie: a persons name and address, phone number s/s number/ credit card information, non- public information of any type whatsoever.
Go to http://www.njleg.state.nj.us/2004/Bills/PL05/226_.HTM for the actual law.
9/15/2005
Accurate purchases Recycling Center in Trenton, New Jersey from Recycle America. The one point nine acre center complex is processing 110 tons of recycled paper per day.
8/25/2005
Accurate has been chosen by PNC Banking to services 110 of their branches for their shredding needs.
7/15/2005
Accurate Document Destruction, Inc. has moved our shredding operation from 35 Industrial Drive, in Hamilton, New Jersey to 469 Whitehead Road in Lawrenceville, New Jersey. The move was necessitated due to an expansion need. The additional 20,000 square feet will enable Accurate to better service the needs of our growing client base which now umbers over 2,000 accounts.
2/28/2005
In the latest financial privacy slip-up, Bank of America Corp. said Friday that it lost computer tapes containing personal information on federal employees who use 1.2 million bank-issued cards to pay for expenses.The data included Social Security numbers and home addresses of workers at dozens of government agencies, possibly including U.S. senators, a bank official said. The bank could not say how many workers were involved because some hold multiple cards.The tapes were lost in December while being shipped to a backup data center .U.S. Sen. Charles Schumer (D-N.Y.) said he was told in a briefing that baggage handlers probably stole the data backup tapes from a commercial plane. Sen. Patrick J. Leahy (D-Vt.) was among the senators whose information was on the missing tapes.The bank's statement said a "small number" of tapes had been lost, without mentioning that those tapes contained confidential information on more than 1 million accounts.
2/23/2005
Identity Thieves Dumpster Dive Blockbuster. Employees of Blockbuster Video, dumped thousands of their customers confidential credit information into the trash bins behind one of their stores. Dumpster Divers retrieved the material and went on a massive spending spree. Ana Gutierrez, one of Blockbuster customer's whose credit information was stolen stated, " I would never have imagined my info would be stolen. Not from a Blockbuster. How do you just throw it in the trash? Personal information? Just throw it in the trash" What Ms. Gutierrez can now expect is to spend the next thirteen months of her life trying to correct her credit history and it will cost her, out of pocket $1,250.,to $1,500., according to national averages. Ms. Gutierrez should not be suppressed by Blockbuster actions. Blockbuster and all retail business that have their clients confidential credit information are required by law to Dispose Client's Confidential Information in a proper manner such as shredding, pulverizing or burning. There are only two possible explanations for Blockbusters actions, one is complete lack of knowledge of the law and the other is that they do not want to sped the money to hire a shredding company to insure that your credit information is securely disposed of.
2/1/2005
Fair & Accurate Credit Transaction Act (FACTA). Various sections of the Act have different effective dates. Those that deal with Disposal and Safeguarding of covered records take effect on June 1st, 2005. The Federal Trade Commission, the agency charged with the Acts enforcement, has incorporated within the Act a broad definition as to what constitutes "personal identifiers" which is that material that must be shredded and safeguarded prior to disposal. The Commission has determined that the following information would be within the scope of the rule for disposal. Social Security number, driver's license number, phone number, either physical or e-mail address, person's name, credit reports, information extrapolated from a credit report, credit card numbers, bank account numbers, stock transactions and with emphasis added, " including but not limited to". This Act will require a one-person enterprise, or the largest employer in our United States to comply with the Safeguarding and Disposal Regulations of the Act. The intent of this new legislation is to thwart Identity Theft which in 2003 cost businesses and individuals over five (5) billion dollars in losses and is the fastest growing crime in the United States, with some ten (10) million new cases reported in 2003.
12/16/2004
As reported in our News Brief, of 7/13/2004 the disposal rule of the Fair Accurate Credit Transaction Act of 2003 was at best totally confusing. The FTC Commission has issued a draft, Federal Trade Commission Final Rule on Disposal of Consumer Information, which will take effect on June 1, 2005. The FTC has jurisdiction over any business that possesses consumer information, and therefore that business is a cover entity under the FACTA Act. Banking and Insurance firms are exempt. Covered Information broadly covers " any record about an individual, whether in paper, electronic, or other form, that is a consumer report" which is also known as a credit report, or from which information has been taken from to create a new report, whether for internal or external use. The disposal Rule offers guidance on what are "reasonable requirements" by example. 1- 'Implementing and monitoring compliance with policies and procedures that require paper destruction by, burning, pulverizing, or shredding of "covered material". 2- In the case of electronically stored "covered information" it must be destroyed in a manner so that the information cannot practicably be read or reconstructed. 3-For business that fall under the Gramm, Leach, Bliley Act, they must incorporate these procedures into their Safe Guard Rule guidelines. As in the Gramm, Leach, Bliley Act, guide lines, the generator is required to do due diligence in choosing a reputable vendor to accomplish the disposal process of information, and enter into a "Business Associates Agreement', WHICH IS PROVIDED IN OUR WEBSITE FOR USE BY OUR CLIENTS ONLY.
11/16/2004
FTC Enforces Gramm-Leach-Bliley Act's Safeguards Rule Against Mortgage Companies. Agency Alleges Companies Failed to Protect Customers' Personal Information. As part of a nationwide compliance sweep, the Federal Trade Commission has charged two mortgage companies with violating the agency's Gramm-Leach-Bliley (GLB) Safeguards Rule by not having reasonable protections for customers' sensitive personal and financial information. In an administrative action filed against Nationwide Mortgage Group, Inc. (Nationwide) and its president John D. Eubank, the FTC alleged that the Fairfax, Virginia-based mortgage broker failed to implement safeguards to protect its customers' names, social security numbers, credit histories, bank account numbers, income tax returns, and other sensitive financial information. Sunbelt Lending Services, Inc. (Sunbelt), a subsidiary of Cendant Mortgage Corporation with headquarters in Clearwater, Florida, has agreed to settle similar FTC charges. The settlement with Sunbelt will bar future violations of the Safeguards Rule and require biannual audits of Sunbelt's information security program by a qualified, independent professional for 10 years. These are the FTC's first cases enforcing the Safeguards Rule.The proposed consent order with Sunbelt bars the company from future violations of the Safeguards Rule and the Privacy Rule. In addition, the company must have its security program certified as meeting or exceeding the standards in the consent order by an independent professional within six months and every other year thereafter for 10 years. The order also contains standard recordkeeping provisions to allow the FTC to monitor Sunbelt's compliance.The Commission votes to issue the administrative complaint against Nationwide and to accept the consent agreement with Sunbelt were 5-0. The FTC will publish an announcement regarding the agreement with Sunbelt in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through December 15, after which the Commission will decide whether to make it final. Comments should be addressed to the FTC, Office of the Secretary, Room H-159, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions. NOTE: The Commission issues a complaint when it has "reason to believe" that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the respondents have actually violated the law. Such action marks the beginning of a proceeding in which the allegations will be ruled upon after a formal hearing.Copies of the Commission's complaints and proposed consent order are available from the FTC's Web site at http://www.ftc.gov and also from the FTC's Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. Plan C of Accurate's Service Menue would have gone a long way into putting these two companies into compliance.
10/15/2004
Inentity Theft,even celebrities aren't immune. Talk show hostess Oprah Winfrey, founder of CNN Ted Turner, actor Will Smith, pro-golfer Tiger Woods and director Steven Spielberg have had their identities stolen.
8/3/2004
Accurate Document Destruction & Recycling has been awarded the Recycling Contract for the State of New Jersey. Accurate will service over 85 State locations for all their recycling needs.Based on historical recycling tonnage, this is the largest public or private sector yearly recycling plan in effect in the State of New Jersey
7/13/2004
FTC PROPOSES FACT Act "Disposal Rule" Ambiguous is an understatement of monumental proportions when applied to the Disposal Rule of section 216 of the Fair Accurate Credit Transactions Act of 2003 (FACT Act) The disposal provisions go into effect July 2004. The FTC proposal was published in the April 20th Federal Register. The proposal requires an entity to take reasonable steps to protect unauthorized access to or use of the information with the disposal process. Banks, other lenders, consumer reporting agencies, and various other companies will have to implement new policies and procedures in order to comply with the FACT Act and regulations. Various other companies are those that use credit reports of their clients for business reasons, such as extending credit. When it becomes time to dispose of the records you are to use reasonable steps as described above. What is reasonable? Ask three people and you will get four opinions. Our advice is "Shred it and forget it"
6/28/2004
Lieutenant Steve Kane, retired from the New Jersey State Police is now Chief Inspector for the Department of Motor Vehicles task force in charge of investigations of reported Identity Thefts within the State. Chief Inspector Kane has 23 men under his command and they receive I, 400 new cases each month. His advice in helping to prevent Identity Theft is to shred all unwanted mail you receive before disposal.
6/7/2004
Identity Theft continues to be the fastest growing crime in our country. The number of Identity Thefts, as reported by The Federal Trade Commission, in the year 2003 is estimated to be in the area of 10,000,000 cases. The average financial loss per incident was $14,400. , totaling 50 Billion Dollars in 2003. The average victim spent 60 hours in resolving their problems, and had out of pocket expenses of $500.00 to $1200.00 The average length of time of the misuse of another's identity was 13 months.
6/2/2004
Human Resourse Departments has an additional issue to deal with since the Enron shredding of documents debacle. If you receive a letter from an attorney who represents a discharged employee, which advises you to save, any and all papers regarding the terminated employee, chances are the attorney is laying the groundwork for a document destruction case, based on the legal doctrine of "spoliation". You should immediately turn the letter over to your legal department, or the companies out-side lawyer. Your legal representative will explain what you must do to protect your firm's interests in such a situation as this. Trial court's decisions reflect the serious consequences a party may suffer for the intentional destruction of evidence. A litigant reasonably anticipating litigation has an affirmative duty to preserve relevant evidence.
5/27/2004
In the year 2003 Accurate Document Destruction, Inc. shredded and recycled 2,924.4 tons of paper. This recycling effort spared the harvesting of 1,720.55 new growth trees for their pulp content. Accurate Document Destruction, Inc. has mill direct relationship because of our high volume of material. What this means to our document destruction client's is a self-assuredly that their files and records have not only been shredded they are also recycled into pulp substitutes. On behalf of our environment Accurate Document Destruction extends a thanks to our clients.
5/25/2004
Under the federal Gramm-Leach-Bliley Act (" referred to as The GLB Act") a financial institution, a term defined in a way that includes institutions of higher education and some private schools, must develop plans and establish policies to protect certain information about individuals, primarily students, faculty and staff. The GLB Safeguards Rule requires covered colleges and universities to take steps to insure the security and confidentiality of non-public personal information of a financial nature, such as bank and credit card account numbers, income and credit histories, and social security numbers. . Colleges and universities and private schools are subject to GLB when they offer certain financial services or products, including: · 1.student loans, such as federal Perkins loans; · 2.mortgages to faculty members; · 3.financial counseling to donors in planned giving programs; · 4.career counseling services to those going into or planning to enter financial service positions. · 5.offering cards that are used in lieu of cash for campus transactions. For additional information in relation to this matter call 800-474-7332 ext 205 and request our brochure on Educational Institution & GLB Compliance.
5/23/2004
GPS is a Satellite Navigation System, which is funded and controlled by the United State Department of Defense. There are many thousands of civil users of GPS, which includes Accurate Document Destruction, Inc. GPS provides specially coded satellite signals that can be processed in a GPS receiver, enabling the receiver to compute, position, velocity and time. Accurate Document Destruction, Inc. has just completed the installation of GPS Systems in all of our (14) fourteen-truck fleet. Each truck through the use of the GPS emits a signal to a computer which tracks the truck's' every movement, speed and the time it is at a stop to services a customer. We are in total control of your sensitive documents from the time they are picked up, until the time they reach our facility for shredding. Accurate Document Destruction, Inc. has gone one step further in insuring tractably of your sensitive documents. Each drive and helper has a Nextel equipped with a GPS receiver. Not only do we track our trucks, we track the driver and helper. The computer prints out that days complete activity of each truck and driver and helper and is revived by our Quality Control Department for any flaws in pick up reports or any irregularities in times of pick ups any return to our facility.
5/20/2004
The U.S. Department of Health and Human Services' Office for Civil Rights handles HIPAA complaints. As of the end of March 2004, the Office for Civil Rights received 5,350 such complaints. Nearly half have been resolved, the other complaints still are under review. About 50 were sent to the U.S. Justice Department for possible criminal penalties. Physician practices top the of list of those named in privacy complaints, followed by hospitals, pharmacies and outpatient facilities, Office for Civil Rights stated. It's no coincidence that the top four are also the groups having "routine and direct contact" with patients PHI, said OCR Director Richard Campanelli.
5/4/2004
HIPAA Compliance, why 9 out of 10 Accurate Document Destruction clients choose our In-House Shredding Plan over our Mobile Shredding Plan. As of this date Accurate Document Destruction, Inc. services Hospitals in the Tri State area of New York, New Jersey and Pennsylvania with at total of more then 12,000 beds. All of the institutions have been put into compliance for the safe guarding of PHI and their shredding under Plan B of Accurate's Service Menu. When queried about their reasons for choosing Plan B Service (in-house shredding) over Plan A Service (mobile shredding) the most common answers were- Significant savings over the cost of mobile shredding, realization that their staff rarely if ever witnessed the mobile shredding being done, having a video tape of their actual shredding, as provided by Accurate Document Destruction and the certainty of on time service.
5/1/2004
The Gramm-Leach, Biley Act, Enforcement of the Safe Guard Provisions.Shredding NPI. Dr. Howard Beales joined the Federal Trade Commission in 1977. In June of 2001 he was appointed Director of the FTC Bureau of Consumer Protection. This division of the FTC is responsible for the enforcement of the Gramm- Leach, Biley Act. On September 23rd, 2003 the Safe Guard Provisions of the Act took effect. Dr. Beales has given over 25 speeches on the Act. In a January 24th, 2002 speech, in San Francisco, Dr. Beales provided us with insight as to the priorities of his Directorship. " In the past the Commission's privacy program focused primarily on information collection. In contrast, we believe that the focus should be on the misuse of information." Dr. Beales went on to state his concerns about on line theft as well as off line theft. He sited instances of off line theft resulting in the real danger of Identity Theft. Identity Theft is a reoccurring theme in all of Dr. Beales speeches and points out its growth to the number one fastest growing crime in our country today. As if to emphasize the targeting of information leakage The Commission brought their first action under the new law against the Elli Lilly Corporation. Elli Lilly was cited for unintentionally disclosing the e-mail addresses of 699 users of its Prozac Drug." This was very sensitive information, where release could have adverse consequences for the consumers involved", stated Dr. Beales. In a recent work shop on the implementation of procedure for the Safe Guard Regulation there was a question and answer segment. This question was ask of Dr. Beales. Question: What about record destruction companies? How would you be able to opt out a customer from the reports that are shredded? Answer: Sharing customer's records with a record destruction company for the purpose of having the records shredded and disposed of would be activities that would fall under the exception under _ Section 15. Insuring compliance with this requirement mandates a letter of understanding, which prohibits the third party service provider from disclosing or using any customer's nonpublic personal information of a financial nature.
4/27/2004
On April 29th, 2002 the New York State Bar Association filed an action against The Federal Trade Commission in the United States District Court and was joined by the American Bar Association, on September 25th, 2002. The Plaintiffs claim that practicing lawyers should be exempt from the mandated provisions of Title V of the Act, because of a misinterpretation by the Federal Trade Commission that the Act applies to attorneys. Since the filling of the suit numerous State Bar Associations have become amicus participants in the suit. Until this matter is put to rest through the Courts, attorneys must comply with all provisions, except the notification clause to their clients.
4/6/2004
The New York City Department of Investigations has chosen Accurate Document Destruction to shred their highly sensitive investigation files.This aspect of their program will be be done using mobile shredding units. In addition to the files and records Accurate Documernt Destruction will also destroy all electronic gathered evidence tapes, video surveillance and other types of electronic material in-house. This work will be done under the aegis of Accurate Document Destruction's Trade Marked "Witness Protection Program".
3/1/2004
The Pennsylvania Trial Lawyers Association, which has over 3,500 members, has chosen Accurate Document Destruction to services their destruction requirementsusing our Plam B Program, in-house shredding which is vieoed.
9/30/2003
The National Benefit Fund, which represents all hospital workers in the United States, has chosen Accurate Document Destruction to implement their HIPAA & Ghramm, Leach-Bliley, Destruction Programs.All work will be done under Plan B, in-house shredding. The Fund is the largest self insured HMO in the U.S. and also provides Pension Service for their members and retirees.
8/1/2003
Former President Clinton has chosen Accurate Document Destruction to dopaper shredding for his New York City Office. The office is serviced on a monthly basis and Accurate has been doing it for the past six(6) months.No phone calls will be accepted from Rush Limbaugh in relation to this matter.
7/1/2003
The National Football League and Accurate Document Destruction have teamed up. Accurate was chosen to shred, in-house 24,400 NFL Footballs that were out dated and had the Logos of teams no longer in the league. Sorry flea market vendors, no leakage at Accurate.
8/21/2002
Trans Union 1. To report fraud, call (800)680-7289 or write to P.O. 6790, Fullerton, CA 92634. 2. To order a copy of your credit report ($8 in most states), write to P.O.Box 390, Springfield, PA 19064 or call: 800-888-4213. 3. To dispute information in your report, call the phone provided on your credit report. 4. To opt out of pre-approved offers of credit and marketing lists, call 800-680-7293 or 888-5OPTOUT or write to P.O. Box 97398, Jackson, MS 39238. Contact all creditors with whom your name or identifying data have been fraudulently used. For example, you may need to contact your long-distance telephone company if your long-distance calling card has been stolen or you find fraudulent charges on your bill. Contact all financial institutions where you have accounts that an identity thief has taken over or that have been created in your name but without your knowledge. You may need to cancel those accounts, place stop-payment orders on any outstanding checks that may not have cleared, and change your Automated Teller Machine (ATM) card, account, and Personal Identification Number (PIN). Contact the major check verification companies (listed in the CalPIRG-Privacy Rights Clearinghouse Checklist) if you have had checks stolen or bank accounts set up by an identity thief. In particular, if you know that a particular merchant has received a check stolen from you, contact the verification company that the merchant uses: 1. Check Rite -- 800-766-2748 2. ChexSystems -- 800-428-9623 (closed checking accounts) 3. CrossCheck -- 800-552-1900 4. Equifax -- 800-437-5120 5. National Processing Co. (NPC) -- 800-526-5380
8/20/2002
The Department of Justice prosecutes cases of identity theft and fraud under a variety of feral statutes. In the fall of 1998, for example, Congress passed the Identity Theft and Assumption Deterrence Act. This legislation created a new offense of identity theft, which prohibits knowingly trasfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitues a violation of Federal law, or that constitutes a felony under any applicable State or local law. 18 U.S.C. 1028(a)(7). This offense, in most circumstances, carries a maximum term of 15 years' imprisonment, a fine, a criminal forfeiture of any personal property used or intended to be used to commit the offense. Schemes to commit identity theft or fraud may also involve violations of other statures such as identification fraud (18 U.S.C. 1028), credit card fraud (18 U.S.C 1029), computer fraud (18 U.S.C 1030), mail fraud (18 U.S.C. 1341), wire fraud (18 U.S.C 1343), or financial institution fraud (18 U.S.C 1344). Each of these federal offenses are felonies that carry substantial penalties in some cases, as high as 30 years' imprisonment, fines, and criminal forfeiture. Federal prosecutors work with federal investigative agencies such as the Federal Bureau of Investigation, the United States Secret Service, and the United States Postal Inspection Service to prosecute identity theft and fraud cases. Here are some examples of recent cases: Central District of California. A woman pleaded guilty to federal charges of using a stolen Social Security number to obtain thousands of dollars in credit and then filing for bankruptcy in the name of her victim. More recently, a man was indicted, pleaded guilty to federal charges and was sentenced to 27 months' imprisonment for obtaining private bank account information about an insurance company's policyholders and using that information to deposit $764,000. in counterfeit checks into a bank account he established. Central District of California. Two of three defendants have pleaded guilty to identity theft, bank fraud, and related charges for their roles in a scheme to open bank accounts with both real and fake identification documents, deposit U.S. Treasury checks that were stolen from the mail, and withdraw funds from those accounts. Middle District of Florida. A defendant has been indicted on bank fraud charges for obtaining names, addresses, and Social Security numbers from a Web site and using those data to apply for a series of car loans over the Internet. Southern District of Florida. A woman was indicted and pleaded guilty to federal charges involving her obtaining a fraudulent drver's license in the name of the victim, using the licensr to withdraw more than $13,000 from the victim's bank account, and obtaining five department store credit cards in the victim's name and charging approximately $4,000 on those cards.
8/20/2002
What are the most common ways to commit Identity Theft or Fraud? Many people do not realize how easily criminals can obtain our personal data without having to break into our homes. In public places, for example, criminals may engage in "shoulder surfing" watching you from a nearby location as you punch in your telephone calling card number or credit number or listen in on your conversation if you give your credit-card number over the telephone to a hotel or rental car company. Even the area near your home or officemay not be secure. Some criminals engage in "dumpster diving" going through your garbage cans or a communal dumpster or trash bin to obtain copies of your checks, credit card or bank statements, or other records that typically bear your name, address, and even your telephone number. These types of records make it easier for criminals to get control over accounts in your name and assume your identity. If you receive application for "preapproved" credit cards in the mail, but discard them without tearing up the enclosed materials, criminals may retrieve them and try to activate the cards for their use without your knowledge. (Some credit card companies, when sending credit cards, have adopted security measures that allow a card recipient to activate the card only from his or her home telephone number but this is not yet a universal practice.) Also, if your mail is delivered to a place where others have ready access to it, criminals may simply intercept and redirect your mail to another location. With enough identifying information about an individual, a criminal can take over that individual's identity to conduct a wide range of crimes: for example, false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges which the criminal might be dinied if he were to use his real name. If the criminal takes steps to ensure that bills for the falsely obtained credit cards, or bank statements showing the unauthorized withdrawals, are sent to an address other than the victim's, the victim may not become aware of what is happenning until the criminal has already inflicted substantial damage on the victim's assets, credit, and reputation.
8/20/2002
TOTAL ACCURATE ADVISE What Should I do if I've become a victim of Identity Theft? If you think you've become a victim of identity theft or fraud, act immediately to minimize the damage to your personal funds and financial accounts, as well as your reputation. Here's a list based in part on a checklist prepared by the California Public Interest Research Group (CalPIRG) and the Privacy Rights Clearinghouse of some actions that you should take right away: 1. Contact the Federal Trade Commision (FTC) to report the situation, whether 2. Online, 3. By telephone toll-free at 1-877-ID THEFT) or TDD at 202-326-2502, or 4. By mail to Consumer Response Center, FTC, 600 Pennsylvania Avenue, N.W. Washington, DC 20580. Under the Identity Theft and Assumption Deterrence Act, the Federal Trade Commission is responsible for receiving and processing complaints from people who believe they may be victim of identity theft, providing informational materials to thos people, and referring those complaints to appropriate entities, including the major credit reporting agencies and law enforcement agencies. For further information, please check the FTC's identity theft Web pages. You can also call your local office of the FBI or the U.S. Secret Service to report crimes relating to identity theft and fraud. You may also need to contact other agencies for other types of identity theft: 1. Your local office of the PostalnInspection Service if you suspect that an identity thief has submitted a change-of-address form with the Post Office to redirect your mail, or has used the mail to commit frauds involving your identity; 2. The Social Security Administration if you suspect that your Social Security number is being fraudulently used (call 800-269-0271 to report the fraud);p 3. The Internal Revenue Service If you suspect the improper use of identification information in connection with tax violations (call 1-800-829-0433 to report the violations). Call the fraud units of the three principal credit reporting companies: EQUIFAX: 1. To report fraud, call 800-525-6285 or write to P.O Box 740250, Atlanta, GA 30374-0250 2. To order a copy of your credit report ($8.00 in most states), write ton P O Box 740241, Atlanta, GA 30374-0241, or call 800-685-1111. 3. To dispute information in your report, call the phone number provided on your credit report. 4. To opt out of pre-approved offers of credit, call 888-567-8688 or write to Equifax Options, P O Box 740123, Atlanta, GA 30374-0123. EXPERIAN 1. To report fraud, call 888-EXPERIAN or 888-397-3742, fax to 800-301-7196, or write to P O Box 1017, Allen TX 75013. 2. To order a copy of your credit report $8 in most states, P O Box 2104, Allen TX 75013, or call 888-EXPERIAN. 3. To dispute information in your report, call the phone number provided on your credit report. 4. To opt out of pre-approved offers of credit and marketing lists, call 800-353-0809 or 888-5OPTOUT or write to P O Box 919,Allen, TX 75013.
8/20/2002
ID Theft Most Common Offline, Experts Say By Clare Saliba www.EcommerceTimes.com Part of the NewsFactor Network Traditional' methods remain the most common avenues for identity theft. Although part of the recent spike in reports of identity theft can be attributed to the Internet, offline methods of stealing personal data still provide a more significant information stream for criminals, according to National Fraud Center chairman of the board Norm Willox. Speaking before identity theft workshops assembled by the U.S. Federal Trade Commission (FTC) and the Social Security Administration last week, Willox cautioned government officials to avoid "simplistic" or overreaching solutions that combat only part of the growing problem. According to Willox, National Fraud Center research indicates that the Web is not the usual avenue for identity thieves to obtain information. Instead, long-established means of gathering data -- such as "dumpster diving" or using a well-placed employee -- remain the most popular retrieval methods. Willox noted that the longer it takes for an individual to discover that an identity theft has occurred, the more difficult it is for the victim to correct the situation.
8/19/2002
Dumpster Diving: Looking for gold in smelly places By M.L.Davis, Indiana Journal of Commerce and Industry, Evansville. As disgusting as it sounds, there are crews of people who travel a circuit, going from one business dumpsters to another. They crawl around inside of the dumpsters, which are full of paper, cans and things you'd rather not know about. They'll wade through stench and wallow in garbage, looking for treasure. Dumpster divers are always looking for an opportunity. If you are careless with your documents, a dumpster diver's good fortune could be your nightmare. Do you put old invoices, bank statements in a the trash? Do you leave message pads intact? Do you throw away old business correspondence, credit card statements, or requests for quotations? Even if your business does not conduct 'classified' information, you still have old information that should not be in anyone's hands but yours. An enterprising researcher can find information you'd rather keep under lock and key, just by looking at your old records.
8/19/2002
Comptroller of Currency Warns Bank CEOs Letter Cites Banks' Obligation to Protect Customer Information An official Advisory Letter has been issued from the Office of the Comptroller of the Currency to the Chief Executive Officers of all national banks regarding the disposal of confidential materials. It reads, "This letter is to remind you of the need to ensure that national banks follow appropiate procedures to ensure the security of confidential documents. In particular, national banks need to ensure that they have adequate procedures to protect documents containing confidential customer information and to destroy such documents when they are no longer needed.
8/19/2002
Security Watch Forget the Firewall; Guard your Garbage Against 'Dumpster Diving' Hackers After years of information system security analysis, we have come to realize that the most damaging data is rarely trumpeted from the front page of the newspaper. True enough, The Wall street Journal of June 16 ran only a small headline |
