Legal Responsibility to Protect Consumers’ Private Information

This week, we start a series aimed at educating business about their legal responsibilities regarding protecting consumers’ private information.

First, some background:  According to the Federal Trade Commission (the government organization charged with consumer protection), an estimated nine million Americans have their identities stolen each year. Identity thieves may drain accounts, damage credit, and even put medical treatment at risk. The cost to business — left with unpaid bills racked up by scam artists — can be staggering, too.

The Red Flags rule requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.

The Federal Trade Commission (FTC) enforces the Red Flags Rule with several other agencies. Stay tuned over the next couple of weeks for our series detailing the rule.

For instant resources on identity theft protection, please visit www.hvshred.com

Perhaps the lowest scam of all?

In a recent press release from the FTC, it seems scam artists have perhaps hit a new low.  In the latest lure to trick people into clicking on links that will download malware to their computers, scammers are sending bogus emails with the subject line “funeral notification.” The message appears to be from a legitimate funeral home, offers condolences, and invites recipients to click on a link for more information about the upcoming “celebration of your friend’s life service.” But instead of sending you to the funeral home’s website, the link sends you to a foreign domain where the scammers download malware to your computer.

Malware, short for “malicious software,” includes viruses and spyware that get installed on your computer without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

If you get an email about a friend or loved one’s passing, the Federal Trade Commission, the nation’s consumer protection agency, says hit Delete. Don’t click on the link. You may then want to contact the funeral home or family directly to verify the information.

More tips from the FTC to reduce your risk of downloading unwanted malware and spyware include:

  • Keep your security software updated.
  • Don’t click on any links or open any attachments in emails unless you know who sent it and what it is.
  • Download and install software only from websites you know and trust.
  • Make sure your browser security setting is high enough to detect unauthorized downloads.
  • Use a pop-up blocker and don’t click on any links within pop-ups.
  • Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.
  • Back up your data regularly.

 

For more information on Identity Theft Protection, please visit www.hvshred.com

Another Scam to Watch Out For

Perhaps even more frequently than every day, it seems like there is a new scam hatching.  Here’s a new one we learned about from a fellow member of the NYS CPA Society.

In a recent message board post, Mr. Mendlowitz warned to be on the lookout for ‘One Ring’ cell phone scams.

It’s called the “One Ring” scam, because the scammers program computers to send thousands of calls to random cell phone numbers to ring once, and then disconnect. The scammers hope you are curious enough about the call and that you will return the call right away.

When the cell phone owner returns the call they are charged $19.95 for the international call fee. After that there is a $9.00 per minute charge. Often the victims will first hear music, then maybe advertising but it’s easy to see how quickly these charges can add up.

If anyone thinks they may have fallen for this scam, they should immediately alert their cell phone carrier and keep an eye on their cell phone bill.

For all matters related to identity protection and data safety, please visit www.hvshred.com

Keeping Children Safe on the Internet

On-site shredding service is our main gig but those who follow this blog know we like to use this space to share public service announcements as well.  There are few topics more important than protecting our children.

The FTC has just released a its latest update on a great resource for helping to protect our children when they are on line.

Te revision of the FTC’s free guide, Net Cetera: Chatting with Kids About Being Online, is now available. The booklet has updated tips for parents, teachers, and other adults to use when talking with kids about online safety and digital citizenship.

The guide reflects changes in the online space since it came out in 2009. Among other timely and important issues, the guide includes tips on:

The booklet also includes information about the recent changes to the Children’s Online Privacy Protection Act (COPPA), and the rights and choices parents have in protecting their kids’ privacy online. And, of course, the guide covers key issues like cyberbullying, sexting, phishing, and computer security.

Net Cetera has topped the Best Seller list at the FTC for years. More than 9.3 million copies of the original version of the booklet were distributed in just over two years, making it one of our most-requested publications.

Order free copies of Net Cetera from the FTC’s bulk order site. Use them at the kitchen table, the all-purpose room at school, even at your local library.

For more information about identity theft protection and related topics, please visit www.hvshred.com

More on Apps Safety-Mindfully Sharing Location Data

HV Shred is all about helping our community protect private information.  Last week, we covered the basic overview of app safety.  More specifically this week, we cover location data.

Some apps use specific location data to share maps, coupons for nearby stores, or information about who we might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on our interests and our location.

Once an app has permission to access location data, it can do so until we change the settings on our phones. If we don’t want to share our location with advertising networks, we can opt to turn off location services in the phone’s settings. Of course, if that is done, the apps won’t be able to share information based on our location unless we enter it ourselves.

In addition, the phone uses general data about its location so our phone carriers can efficiently route calls. Even when we turn off location services in the phone’s settings, it may not be possible to completely stop it from broadcasting location data.

The point is to be mindful and selective of the apps we choose.

A recent case both metaphorically and literally shed light on the locator capability and possible abuse of apps:

Dating back to early 2011, people have downloaded the Brightest Flashlight app to more than 50 million Android devices — making it one of the most popular free apps on the Android marketplace. According to the FTC, most of these users probably didn’t realize that anytime they launched the app, it collected and broadcasted their locations and device IDs to advertising networks and other third parties.

Goldenshores Technologies, the developer behind the Brightest Flashlight, has agreed to settle FTC charges that the company didn’t adequately disclose what information it collected and shared — not in the app’s user agreement or anywhere else.

For more on identity theft protection best practices, please visit www.hvshred.com

Mobile Apps and Security

As always, HV Shred aims to provide valuable guidance to our  community on how to protect confidential data. These days, we use apps for everything from banking to listening to music to finding the best restaurant for lunch.  One thing we must consider in the process is the data we are sharing–even broadcasting as we take advantage of the tools provided by apps.

When we sign up with an app store or download individual apps, we may be asked for permission to let them access information on our device. Some apps may be able to access:

  • phone and email contacts
  • call logs
  • internet data
  • calendar data
  • data about the device’s location
  • the device’s unique IDs
  • information about how we use the app itself

Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.

If we are providing information when using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting data, they may share it with other companies.

Spend some time verifying the extent to which downloading and using each app is sharing your information.  Consider what you know about who created the app and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.

Android operating system users have an opportunity to read the “permissions” just before installing an app. Read them. It’s useful information that tells what information the app will access on our devices. Ask whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read text messages.

Apps are tools for tremendous convenience but also need to be implemented judiciously.

For more on identity theft protection, please visit www.hvshred.com

Identity Theft Awareness Week

HV Shred is always focused on best practices for identity theft protection.  As a reminder from a recent blog, January 13th-17th is Tax Identity Theft Awareness Week led by the Federal Trade Commission–the government division tasked with protecting American consumers.  Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Over the course of this week, the FTC is doing extra outreach and education.

Here are the basics: The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Identity theft can affect how your tax return is processed. An unexpected notice or letter from the IRS could alert you that someone else is using your SSN, however, the IRS doesn’t start contact with a taxpayer by sending an email, text or social media message that asks for personal or financial information. If you get an email that claims to be from the IRS, do not reply or click on any links. Instead, forward it to phishing@irs.gov.

If someone uses your SSN to file for a tax refund before you do, the IRS might think you already filed and got your refund. When you file your return later, IRS records will show the first filing and refund, and you’ll get a notice or letter from the IRS saying more than one return was filed for you.

If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. When you file your tax return, you won’t include those earnings. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you got wages but didn’t report them. The IRS doesn’t know those wages were reported by an employer you don’t know.

If you think someone used your SSN for a tax refund or a job — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future.

Specifically in New York, the FTC is hosting an educational program on Tuesday, January 14th from 4-6pm at Fordham Law School, Room 430 B/C, 140 W. 62nd Street,  New York, NY  The event will feature a speaker from the IRS, the FTC, Legal Services, among others.

For more on best practices for identity theft protection, please visit www.hvshred.com

A Banner Year for HV Shred’s Recycling Efforts

Happy 2014!  We thank all who supported us through 2013 and are excited to share the news that together we recycled nearly 600 tons of confidential paperwork.

In 2013, HV Shred clients helped save:

  • over 10,000 trees
  • over 4 million gallons of water
  • over 250,000 gallons of oil
  • over 1800 cubic yards of landfill space
  • over 2 million Kilowatt hours of electricity

That’s over a 10% increase over last year, so let’s keep the increased recycling efforts rolling!

To learn more about our on-site shredding and recycling service, please visit www.hvshred.com

Shredding to Avoid Expensive Government Fines

With all the talk about the new healthcare law and, hopefully, the millions of people who will now have health coverage who didn’t before, it seems like a good time to remind healthcare providers and patients about the laws regarding “Protected Health Information (PHI)”.

The laws regulating the secure storage and disposal of PHI are becoming more and more well known.  HITECH and HIPPA were put in place to ensure patient information is protected as the industry makes strides towards more easily accessed health information for providers.

The laws require that all personnel handling the disposal of protected health information (PHI) be properly trained in the process. No PHI document is to be dumped into public waste management facilities. All PHI paper materials are to be destroyed by: shredding, burning, or pulping. Prescription bottles with patient information are to be stored in opaque bags and destroyed properly by a disposal vendor. Any digital information is to be cleared or purged from the system.

These laws have been put into place to ensure everyone’s safety. It is extremely important that these guidelines are followed meticulously. Providing the best care for patients requires diligence in keeping their sensitive information safe.

Non-compliance is not only irresponsible to patients—it is EXPENSIVE.  Penalties upwards of $250,000 can be fined for “willful neglect”. It is the hope of the government that a safer environment will be created for patients.

For more information or assistance in shredding sensitive information, visit www.hvshred.com

FTC Advice for Target Department Store Victims

Borrowing again from the FTC’s valuable resources, this information is key for any potential victim of the recent breach at Target Stores.  By its own admission, Target announced that any credit or debit card used in a Target store in the U.S. between November 27 and December 15 may have been compromised. According to the announcement, the stolen information includes the customer’s name, credit or debit card number, and the card’s expiration date and three digit security code CVV1 (a security code stored on your card’s magnetic stripe).

In light of this announcement, the FTC recommends:

*If you recently used your credit or debit card in a Target store, check your account. If you see charges that you don’t recognize, immediately report them to the fraud department of your bank or credit card provider.

*Going forward, continue to monitor your accounts and check that the information on your credit report is accurate. Your credit report includes information about your credit card accounts and other bills you pay. The law requires the three nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to give you a free copy of your credit report every 12 months if you ask for it. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228. You’ll have to provide some personal and financial information to get your report. For information about how to correct errors in your report, visit ftc.gov/freereports.

To file a complaint, visit ftc.gov/complaint.  For information about identity theft, visit ftc.gov/idtheft.

For more information on identity theft best practices, please visit www.hvshred.com