As always, HV Shred aims to provide valuable guidance to our  community on how to protect confidential data. These days, we use apps for everything from banking to listening to music to finding the best restaurant for lunch.  One thing we must consider in the process is the data we are sharing–even broadcasting as we take advantage of the tools provided by apps.

When we sign up with an app store or download individual apps, we may be asked for permission to let them access information on our device. Some apps may be able to access:

• phone and email contacts
• call logs
• internet data
• calendar data
• data about the device’s location
• the device’s unique IDs
• information about how we use the app itself

Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.

If we are providing information when using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting data, they may share it with other companies.

Spend some time verifying the extent to which downloading and using each app is sharing your information.  Consider what you know about who created the app and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.

Android operating system users have an opportunity to read the “permissions” just before installing an app. Read them. It’s useful information that tells what information the app will access on our devices. Ask whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read text messages.

Apps are tools for tremendous convenience but also need to be implemented judiciously.

For more on identity theft protection, please visit www.hvshred.com

HV Shred is always focused on best practices for identity theft protection.  As a reminder from a recent blog, January 13th-17th is Tax Identity Theft Awareness Week led by the Federal Trade Commission–the government division tasked with protecting American consumers.  Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Over the course of this week, the FTC is doing extra outreach and education.

Here are the basics: The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Identity theft can affect how your tax return is processed. An unexpected notice or letter from the IRS could alert you that someone else is using your SSN, however, the IRS doesn’t start contact with a taxpayer by sending an email, text or social media message that asks for personal or financial information. If you get an email that claims to be from the IRS, do not reply or click on any links. Instead, forward it to phishing@irs.gov.

If someone uses your SSN to file for a tax refund before you do, the IRS might think you already filed and got your refund. When you file your return later, IRS records will show the first filing and refund, and you’ll get a notice or letter from the IRS saying more than one return was filed for you.

If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. When you file your tax return, you won’t include those earnings. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you got wages but didn’t report them. The IRS doesn’t know those wages were reported by an employer you don’t know.

If you think someone used your SSN for a tax refund or a job — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future.

Specifically in New York, the FTC is hosting an educational program on Tuesday, January 14th from 4-6pm at Fordham Law School, Room 430 B/C, 140 W. 62^nd Street,  New York, NY  The event will feature a speaker from the IRS, the FTC, Legal Services, among others.

For more on best practices for identity theft protection, please visit www.hvshred.com

Happy 2014!  We thank all who supported us through 2013 and are excited to share the news that together we recycled nearly 600 tons of confidential paperwork.

In 2013, HV Shred clients helped save:

• over 10,000 trees
• over 4 million gallons of water
• over 250,000 gallons of oil
• over 1800 cubic yards of landfill space
• over 2 million Kilowatt hours of electricity

That’s over a 10% increase over last year, so let’s keep the increased recycling efforts rolling!

To learn more about our on-site shredding and recycling service, please visit www.hvshred.com

With all the talk about the new healthcare law and, hopefully, the millions of people who will now have health coverage who didn’t before, it seems like a good time to remind healthcare providers and patients about the laws regarding “Protected Health Information (PHI)”.

The laws regulating the secure storage and disposal of PHI are becoming more and more well known.  HITECH and HIPPA were put in place to ensure patient information is protected as the industry makes strides towards more easily accessed health information for providers.

The laws require that all personnel handling the disposal of protected health information (PHI) be properly trained in the process. No PHI document is to be dumped into public waste management facilities. All PHI paper materials are to be destroyed by: shredding, burning, or pulping. Prescription bottles with patient information are to be stored in opaque bags and destroyed properly by a disposal vendor. Any digital information is to be cleared or purged from the system.

These laws have been put into place to ensure everyone’s safety. It is extremely important that these guidelines are followed meticulously. Providing the best care for patients requires diligence in keeping their sensitive information safe.

Non-compliance is not only irresponsible to patients—it is EXPENSIVE.  Penalties upwards of $250,000 can be fined for “willful neglect”. It is the hope of the government that a safer environment will be created for patients.

For more information or assistance in shredding sensitive information, visit www.hvshred.com

Borrowing again from the FTC’s valuable resources, this information is key for any potential victim of the recent breach at Target Stores.  By its own admission, Target announced that any credit or debit card used in a Target store in the U.S. between November 27 and December 15 may have been compromised. According to the announcement, the stolen information includes the customer’s name, credit or debit card number, and the card’s expiration date and three digit security code CVV1 (a security code stored on your card’s magnetic stripe).

In light of this announcement, the FTC recommends:

*If you recently used your credit or debit card in a Target store, check your account. If you see charges that you don’t recognize, immediately report them to the fraud department of your bank or credit card provider.

*Going forward, continue to monitor your accounts and check that the information on your credit report is accurate. Your credit report includes information about your credit card accounts and other bills you pay. The law requires the three nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to give you a free copy of your credit report every 12 months if you ask for it. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228. You’ll have to provide some personal and financial information to get your report. For information about how to correct errors in your report, visit ftc.gov/freereports.

To file a complaint, visit ftc.gov/complaint.  For information about identity theft, visit ftc.gov/idtheft.

For more information on identity theft best practices, please visit www.hvshred.com

Following up on last week’s blog announcing the FTC’s Tax Identity Theft Awareness Week, here is a review of steps to take if you have the unfortunate experience of falling victim.

If you think someone used your SSN for a tax refund or a job — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future.

A first step is to contact the IRS and report the fraud to the IRS

Send a copy of your police report or an IRS ID Theft Affidavit Form 14039 and proof of
your identity, such as a copy of your Social Security card, driver’s license or passport.

Update your files being sure to record the dates you made calls or sent letters. Keep copies of letters in your files.

To limit further damage, once you’ve contacted the IRS, you should also consider putting a fraud alert on your credit reports and ordering fresh copies of your credit reports for review.

For more information on best practices regarding identity theft protection, please visit www.hvshred.com

The FTC (the government office tasked with identity theft related issues) recently announced January 13-17 as Tax Identity Theft Awareness Week.

What follows is excerpted from the FTC’s recent blog.

“The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Identity theft can affect how your tax return is processed. An unexpected notice or letter from the IRS could alert you that someone else is using your SSN, however, the IRS doesn’t start contact with a taxpayer by sending an email, text or social media message that asks for personal or financial information. If you get an email that claims to be from the IRS, do not reply or click on any links. Instead, forward it to phishing@irs.gov.
If someone uses your SSN to file for your tax refund before you file, they may get your refund. When you file your return later, IRS records will show the first filing and refund, and you’ll get a notice or letter from the IRS saying more than one return was filed for you.
If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. When you file your tax return, you won’t include those earnings. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you got wages but didn’t report them. The IRS doesn’t know those wages were reported by an employer you don’t know.
If you think someone used your SSN for a tax refund or a job — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future.”

For more on identity theft prevention, please visit www.hvshred.com

Thanksgiving is in the rear view mirror and that means the holiday shopping season is now at full steam ahead.

As we have noted in the past in this blog, we have found the FTC (the government office charged with dealing with Identity theft issues) to be a useful resource. What follows is the tips recently posted for best practices for on-line shopping.
With the on-line holiday shopping season heating up with “Cyber Monday”, please review these tips before “heading to the stores”

• Read reviews. Type the name of the product or company into a search engine along with words like “review,” “complaint,” or “scam.” Be sure to read a few reviews — don’t rely on just one source.
• Look for coupon codes. Search the store’s name with terms like “coupons,” “discounts,” or “free shipping.”
• Know the terms. Find out what the refund/exchange policies are, and if there are any charges (like shipping costs or restocking fees) if you return a product.
• Pay by credit card. Credit cards give you protections that other methods of payment may not. If there’s a problem, you have the right to dispute charges and temporarily withhold payment while your dispute is investigated.
• Use secure checkout. Before you enter your credit card information online, check that the website address starts with “https”. The “s” stands for secure. If you don’t see the “s,” don’t enter your information.

For more helpful tips for best practices related to identity theft protection, please visit www.hvshred.com

As we dig into the meat of the final quarter of 2013, we suggest businesses take a serious look at their current document filing practices.  Many companies keep on storing more documents year after year because they have no idea when they are supposed to get rid of them.  By default, they typically remain in a heap in the back corner of the most distant warehouse, tucked away in a basement or attic, or out of sight out of mind at an expensive storage facility.  No matter what, the paperwork is eating up valuable resources that should be put to better uses.  For companies that have been in operation for many years, this can become a considerable burden—especially if management has been purchasing expensive filing cabinets to store the old records or paying rent at a storage facility.

We suggest management work with the company’s CPA’s and lawyers to construct a document-destruction policy. The policy should take into account the document retention requirements of all federal, state, and local regulatory agencies, always adopting the longest required retention periods.

The next step is to eliminate all items for which there is no legal reason to keep.  Bringing in an on-site shredding service provides the assurance of witnessing the proper disposal as well as the benefit of the certificate of destruction to demonstrate due diligence with respect to the law.  In addition to seeing significant savings in storage space and efficiency, companies can also feel good about the fact that the shredded paper will be recycled.

For more information on on-site document destruction, please visit www.hvshred.com