How Oregon Senate Bill 583 effects your business

The Oregon Consumer Identity Theft Protection Act – Effective January 1, 2008

CLICK HERE (pdf) SENATE BILL 583

Your business must implement an information security program that includes the following:
-Establish administrative safeguards.

-Designate one or more employees to coordinate the security program.

-Identify reasonably foreseeable internal and external risks.

-Assess the sufficiency of safeguards in place to control the identified risks.

-Select service providers capable of maintaining appropriate safeguards, and require those safeguards by contract.

-Adjust the security program in light of business changes or new circumstances.

Technical safeguards such as the following:

-Assess risks in network and software design.

-Assess risks in information processing, transmission and storage.

-Detect, prevent and respond to attacks or system failures.

-Regularly tests and monitors the effectiveness of key controls, systems and procedures.

Physical safeguards such as the following:

-Assess risks of information storage and disposal.

-Detects, prevents and responds to intrusions.

-Protect against unauthorized access to or use of personal information during or after the collection, transportation and destruction or disposal of the information.

-Dispose of personal information after it is no longer needed for business purposes or as required by local, state or federal law by burning, pulverizing, shredding or modifying a physical record and by destroying or erasing electronic media so that the information

Identity Thieves Steal UCI Students Tax Returns

Identity thieves have stolen the tax returns of 93 University of California, Irvine (UCI) students and up to 7,ooo students are at risk according to the Orange County Register. The identity theft ring was detected when several UCI students reported to campus police that their tax returns came back “already processed”. Now that has got to be an alarming and scary feeling to receive that notice from the IRS. UCI police are investigating but have not found the source of the leak. They believe the compromised data only affects graduate students who attended between 2004 and 2007. The State of California has since banned the use of Social Security Numbers as student identification.

Details of this particular crime remain sketchy though it is known that IRS investigators have become involved. It certainly appears that this is more than just one hacker, or one bad employee and that it likely has ties to an identity theft ring. Students are encouraged to process their returns immediately as that is the only way to know that their personal information has been used fraudulently with the IRS. Unfortunately, as with any data breach, the attack can happen tomorrow or 20 yeas later and can take many different forms. There are many steps one can take to protect their identity and their are many identity protection options that can be purchased through credit bureaus, insurance companies and identity protection companies such as Lifelock and Loudsiren but none of the available options could protect you from this particular crime. The best advice we can give is to file your return immediately if you haven’t already, keep your information up to date with the IRS and file your tax returns in the following years as early as possible. This is sound advice for anyone who has experienced a breach of their private records as the IRS does not check your credit report when authorizing your return and therefore will not be alerted by a fraud alert. Additionally, you should not give out your personal information to the IRS on the phone or by responding to an email. These are common scams.

To protect yourself from other forms of identity theft we strongly recommend that you place fraud alerts on your credit file and renew them every 90 days and order and examine your free annual credit report yearly. The good news for those students on a budget is that this can all be done for free. If you are barely making ends meet and living off Kraft Dinner (ah, those were the days) then you probably don’t need to be concerned with insurance or a guarantee that an identity protection service would provide. So take the initiative and protect your good name and credit today. Less effective options such as credit monitoring, or more restrictive options such as credit freezes that are available for a fee. The only decision you will truly regret is the decision to do nothing. As we have mentioned many times we strongly recommend fraud alerts but we do realize that this is not the right choice for everybody. What is most important is that you do something because any action that reduces your chances of becoming an identity theft victim is a good action to take. What are you waiting for? Protect yourself now!

Identity Theft Steals Millions from Government Health Programs

A trend embraced by white-collar criminals is driving up health-care costs and creating nightmares for its victims. Medical identity theft is health-care fraud and ID theft rolled into one, and it’s a crime that’s expected to continue growing because it’s easy to carry out and difficult to detect.

The first study on the subject, done by the World Privacy Forum (WPF) in 2006, estimates that medical identity theft accounts for 2.7 percent to 3.2 percent of total ID theft, which is reported to be the fastest-growing crime over the last seven years.

In November 2007, the Federal Trade Commission estimated the number of cases of medical identity theft at 3 percent of all ID theft cases. That’s at least 250,000 medical identity theft cases per year.

Consumer Protection Expert is Victim of ID Theft

According to the Milwaukee Journal Sentinel, Janet Jenkins, head of Milwaukee’s office of consumer protection, was recently a victim of identity theft. Ironically, her entire profession is devoted to making sure people don’t get scammed or taken advantage of.
But it happened to her. “It just goes to show, you can’t entirely protect yourself,” Jenkins said.

In late December, Jenkins noticed her credit card bill online had some unusual charges. After further investigation, she discovered additional charges. The thief even had “pinged” the account, which Jenkins described as someone making a $1 charge just to make sure the card works.

In the end, the credit card company gave Jenkins back her $350 and she put a fraud alert on her credit report for 90 days.

New Identity Theft Threat (IRS)

by Julie Ann Dawson

February 01, 2008 12:38 PM EST
The IRS is already reporting cases of identity theft scams regarding the upcoming tax rebate program before Congress.

1. The IRS NEVER, EVER, under ANY circumstances will call you or e-mail you and request bank account information for direct deposit. Scammers are contacting people claiming that in order to get the upcoming rebate, it must be handled with direct deposit and you need to provide the bank routing information.

2. The IRS is NOT “verifying information” for this rebate program. Do not follow links in e-mails allegedly from the IRS asking you to verify your taxpayer data.

In short, if the real IRS is looking for you, it will be handled via the USPS. Also, note that official IRS matters requiring your attention will be addressed DIRECTLY to you, not “Dear Taxpayer.”

Senior citizens and people who aren’t internet savvy are the must vulnerable to these schemes, so please make sure they are aware of this identity theft threat.

Fresno County prosecutor facing identity theft charges

The Associated Press

Article Launched: 01/23/2008 11:11:24 AM PST

FRESNO, Calif.—A Fresno County prosecutor is facing identity theft and other charges involving his ex-girlfriend.California Attorney General Edmund Brown has filed felony charges against David Jones, accusing the Fresno County deputy district attorney of stalking, stealing the identity, and falsely impersonating his ex-girlfriend.

A spokesman for the attorney general’s office says the charges filed Wednesday come after a probe launched by state officials in October of 2007.

Investigators say the 45-year-old Jones harassed the woman — identified in court documents as Jane Doe — from July of 2006 through August of 2007.

During that time, state investigators say Jones allegedly made threatening phone calls, made unwanted advances and impersonated the woman on Internet singles sites where he solicited individuals to contact her for sex.

A call to the Fresno County District Attorney’s Office seeking comment was not immediately returned.