The Emergence of the Class Action Data Breach Lawsuit:  Just one more reason it is imperative to take all means possible when it comes to protecting customer information.  A recent $3 million class action data breach lawsuit awarded by a Florida court in mid-March of 2014 sets the stage for many more such settlements.

The suit was the outgrowth of a laptop lost by AvMed, a Florida-based health insurer. According to widely published reports, after having been dismissed twice by lower courts, the U.S. Court of Appeals for the Eleventh Circuit allowed several of the claims, including those pertaining to negligence and breach of contract, to remain, and remanded the case back to the district court. The failure to dismiss the claims, a first in this type of legal action, is what then promoted AvMed to seek a settlement.

According to industry expert Bob Johnson, “Up until this Florida ruling, however, every such attempt had been summarily dismissed based on the absence of demonstrated financial damages. That’s why this is so significant. For the first time in history, with no damages directly related to the breach, the court allowed the case to proceed.”

This ruling could mean that in addition to the cost of breach reporting, credit monitoring and embarrassing headlines, class-action awards are more likely to be a costly consequence of data breaches in the future. Second, this precedent will provide an incentive for lawyers who specialize in class-actions to bring more such cases.

Following up on our recent posts on The Red Flags Rule, the key is better policies, better employee training, and heightened awareness of safe storage and disposal of customer data.

For more information on on-site shredding service and best practices in identity theft prevention, please visit www.hvshred.com

Continuing with our goal to educated businesses on proper compliance with the Red Flags Rule, today is an overview of the 4 step process.  We will cover each step in more detail in the coming weeks.  For now, here is an overview of the 4 steps:

Step 1: Identify relevant Red Flags- the potential patterns, practices, or specific activities indicating the possibility of identity theft.  These include taking into account risk factors and sources of red flags,.

Step 2: Detect Red Flags: Sometimes, using identity verification and authentication methods can help detect red flags. Consider whether business procedures should differ if an identity verification or authentication is taking place in person, by telephone, mail, or online.

Step 3: Prevent and mitigate identity theft: Upon spotting a red flag, be prepared to respond appropriately. The response will depend on the degree of risk posed. It may need to accommodate other legal obligations, like laws about providing and terminating service.

Step 4: Keep the program up to date: The Rule recognizes that new red flags emerge as technology changes or identity thieves change their tactics, and requires periodic updates to your program. Factor in personal experience with identity theft; changes in how identity thieves operate; new methods to detect, prevent, and mitigate identity theft; changes in the accounts offered; and changes in the  business community, like mergers, acquisitions, alliances, joint ventures, and arrangements with service providers.

Tune in again next week for more details.  Our goal is to help our business community with compliance which will, of course, also help protect every individual in the community as well from identity theft.  More at www.hvshred.com

This week, we start a series aimed at educating business about their legal responsibilities regarding protecting consumers’ private information.

First, some background:  According to the Federal Trade Commission (the government organization charged with consumer protection), an estimated nine million Americans have their identities stolen each year. Identity thieves may drain accounts, damage credit, and even put medical treatment at risk. The cost to business — left with unpaid bills racked up by scam artists — can be staggering, too.

The Red Flags rule requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.

The Federal Trade Commission (FTC) enforces the Red Flags Rule with several other agencies. Stay tuned over the next couple of weeks for our series detailing the rule.

For instant resources on identity theft protection, please visit www.hvshred.com

In a recent press release from the FTC, it seems scam artists have perhaps hit a new low.  In the latest lure to trick people into clicking on links that will download malware to their computers, scammers are sending bogus emails with the subject line “funeral notification.” The message appears to be from a legitimate funeral home, offers condolences, and invites recipients to click on a link for more information about the upcoming “celebration of your friend’s life service.” But instead of sending you to the funeral home’s website, the link sends you to a foreign domain where the scammers download malware to your computer.

Malware, short for “malicious software,” includes viruses and spyware that get installed on your computer without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

If you get an email about a friend or loved one’s passing, the Federal Trade Commission, the nation’s consumer protection agency, says hit Delete. Don’t click on the link. You may then want to contact the funeral home or family directly to verify the information.

More tips from the FTC to reduce your risk of downloading unwanted malware and spyware include:

• Keep your security software updated.
• Don’t click on any links or open any attachments in emails unless you know who sent it and what it is.
• Download and install software only from websites you know and trust.
• Make sure your browser security setting is high enough to detect unauthorized downloads.
• Use a pop-up blocker and don’t click on any links within pop-ups.
• Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.
• Back up your data regularly.

For more information on Identity Theft Protection, please visit www.hvshred.com

Perhaps even more frequently than every day, it seems like there is a new scam hatching.  Here’s a new one we learned about from a fellow member of the NYS CPA Society.

In a recent message board post, Mr. Mendlowitz warned to be on the lookout for ‘One Ring’ cell phone scams.

It’s called the “One Ring” scam, because the scammers program computers to send thousands of calls to random cell phone numbers to ring once, and then disconnect. The scammers hope you are curious enough about the call and that you will return the call right away.

When the cell phone owner returns the call they are charged $19.95 for the international call fee. After that there is a $9.00 per minute charge. Often the victims will first hear music, then maybe advertising but it’s easy to see how quickly these charges can add up.

If anyone thinks they may have fallen for this scam, they should immediately alert their cell phone carrier and keep an eye on their cell phone bill.

For all matters related to identity protection and data safety, please visit www.hvshred.com

On-site shredding service is our main gig but those who follow this blog know we like to use this space to share public service announcements as well.  There are few topics more important than protecting our children.

The FTC has just released a its latest update on a great resource for helping to protect our children when they are on line.

Te revision of the FTC’s free guide, Net Cetera: Chatting with Kids About Being Online, is now available. The booklet has updated tips for parents, teachers, and other adults to use when talking with kids about online safety and digital citizenship.

The guide reflects changes in the online space since it came out in 2009. Among other timely and important issues, the guide includes tips on:

• (1) understanding mobile apps
• (2)using public Wi-Fi securely
• (3)recognizing text message spam

The booklet also includes information about the recent changes to the Children’s Online Privacy Protection Act (COPPA), and the rights and choices parents have in protecting their kids’ privacy online. And, of course, the guide covers key issues like cyberbullying, sexting, phishing, and computer security.

Net Cetera has topped the Best Seller list at the FTC for years. More than 9.3 million copies of the original version of the booklet were distributed in just over two years, making it one of our most-requested publications.

Order free copies of Net Cetera from the FTC’s bulk order site. Use them at the kitchen table, the all-purpose room at school, even at your local library.

For more information about identity theft protection and related topics, please visit www.hvshred.com

HV Shred is all about helping our community protect private information.  Last week, we covered the basic overview of app safety.  More specifically this week, we cover location data.

Some apps use specific location data to share maps, coupons for nearby stores, or information about who we might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on our interests and our location.

Once an app has permission to access location data, it can do so until we change the settings on our phones. If we don’t want to share our location with advertising networks, we can opt to turn off location services in the phone’s settings. Of course, if that is done, the apps won’t be able to share information based on our location unless we enter it ourselves.

In addition, the phone uses general data about its location so our phone carriers can efficiently route calls. Even when we turn off location services in the phone’s settings, it may not be possible to completely stop it from broadcasting location data.

The point is to be mindful and selective of the apps we choose.

A recent case both metaphorically and literally shed light on the locator capability and possible abuse of apps:

Dating back to early 2011, people have downloaded the Brightest Flashlight app to more than 50 million Android devices — making it one of the most popular free apps on the Android marketplace. According to the FTC, most of these users probably didn’t realize that anytime they launched the app, it collected and broadcasted their locations and device IDs to advertising networks and other third parties.

Goldenshores Technologies, the developer behind the Brightest Flashlight, has agreed to settle FTC charges that the company didn’t adequately disclose what information it collected and shared — not in the app’s user agreement or anywhere else.

For more on identity theft protection best practices, please visit www.hvshred.com