Class Action Data Breach Lawsuit Settlement Rings Alarm Bells

The emergence of the class action data breach lawsuit is just one more reason it is imperative to take all means possible to protect customer information. A recent $3 million class action data breach lawsuit awarded by a Florida court in mid-March of 2014 sets the stage for many more such settlements.

The suit was the outgrowth of a laptop lost by AvMed, a Florida-based health insurer. According to widely published reports, after having been dismissed twice by lower courts, the U.S. Court of Appeals for the Eleventh Circuit allowed several of the claims, including those pertaining to negligence and breach of contract, to remain, and remanded the case back to the district court. The failure to dismiss the claims, a first in this type of legal action, is what then prompted AvMed to seek a settlement.

According to industry expert Bob Johnson, “Up until this Florida ruling, however, every such attempt had been summarily dismissed based on the absence of demonstrated financial damages. That’s why this is so significant. For the first time in history, with no damages directly related to the breach, the court allowed the case to proceed.”

This ruling could mean that, in addition to the cost of breach reporting, credit monitoring and embarrassing headlines, class-action awards are more likely to be a costly consequence of data breaches in the future. The precedent will also provide an incentive for lawyers who specialize in class actions to bring more such cases.

Following up on our recent posts on The Red Flags Rule, the key is better policies, better employee training, and heightened awareness of safe storage and disposal of customer data.

For more information on on-site shredding service and best practices in identity theft prevention, please visit www.hvshred.com

Part 3: Red Flags Rule Compliance

Continuing with our goal to educate businesses on proper compliance with the Red Flags Rule, today we give an overview of the 4-step process. We will cover each step in more detail in the coming weeks. For now, here are the 4 steps:

Step 1: Identify relevant Red Flags: the potential patterns, practices, or specific activities indicating the possibility of identity theft. This includes taking into account risk factors and sources of red flags.

Step 2: Detect Red Flags: Sometimes, using identity verification and authentication methods can help detect red flags. Consider whether business procedures should differ if an identity verification or authentication is taking place in person, by telephone, mail, or online.

Step 3: Prevent and mitigate identity theft: Upon spotting a red flag, be prepared to respond appropriately. The response will depend on the degree of risk posed. It may need to accommodate other legal obligations, like laws about providing and terminating service.

Step 4: Keep the program up to date: The Rule recognizes that new red flags emerge as technology changes or identity thieves change their tactics, and requires periodic updates to your program. Factor in personal experience with identity theft; changes in how identity thieves operate; new methods to detect, prevent, and mitigate identity theft; changes in the accounts offered; and changes in the business community, like mergers, acquisitions, alliances, joint ventures, and arrangements with service providers.

Tune in again next week for more details. Our goal is to help our business community with compliance, which will, of course, also help protect every individual in the community from identity theft. More at www.hvshred.com

 

Legal Responsibility to Protect Consumers’ Private Information

This week, we start a series aimed at educating businesses about their legal responsibilities regarding protecting consumers’ private information.

First, some background:  According to the Federal Trade Commission (the government organization charged with consumer protection), an estimated nine million Americans have their identities stolen each year. Identity thieves may drain accounts, damage credit, and even put medical treatment at risk. The cost to business — left with unpaid bills racked up by scam artists — can be staggering, too.

The Red Flags rule requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.

The Federal Trade Commission (FTC) enforces the Red Flags Rule with several other agencies. Stay tuned over the next couple of weeks for our series detailing the rule.


Perhaps the lowest scam of all?

According to a recent press release from the FTC, scam artists have perhaps hit a new low. In the latest lure to trick people into clicking on links that will download malware to their computers, scammers are sending bogus emails with the subject line “funeral notification.” The message appears to be from a legitimate funeral home, offers condolences, and invites recipients to click on a link for more information about the upcoming “celebration of your friend’s life service.” But instead of sending you to the funeral home’s website, the link sends you to a foreign domain where the scammers download malware to your computer.

Malware, short for “malicious software,” includes viruses and spyware that get installed on your computer without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

If you get an email about a friend or loved one’s passing, the Federal Trade Commission, the nation’s consumer protection agency, says hit Delete. Don’t click on the link. You may then want to contact the funeral home or family directly to verify the information.

More tips from the FTC to reduce your risk of downloading unwanted malware and spyware include:

  • Keep your security software updated.
  • Don’t click on any links or open any attachments in emails unless you know who sent it and what it is.
  • Download and install software only from websites you know and trust.
  • Make sure your browser security setting is high enough to detect unauthorized downloads.
  • Use a pop-up blocker and don’t click on any links within pop-ups.
  • Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.
  • Back up your data regularly.

 


Another Scam to Watch Out For

Perhaps even more frequently than every day, it seems like there is a new scam hatching.  Here’s a new one we learned about from a fellow member of the NYS CPA Society.

In a recent message board post, Mr. Mendlowitz warned to be on the lookout for ‘One Ring’ cell phone scams.

It’s called the “One Ring” scam because the scammers program computers to send thousands of calls to random cell phone numbers, letting each ring once and then disconnecting. The scammers hope you are curious enough about the call that you will return it right away.

When the cell phone owner returns the call, they are charged $19.95 for the international call fee. After that there is a $9.00 per minute charge. Often the victims will first hear music, then maybe advertising, but it’s easy to see how quickly these charges can add up.

If anyone thinks they may have fallen for this scam, they should immediately alert their cell phone carrier and keep an eye on their cell phone bill.


Keeping Children Safe on the Internet

On-site shredding service is our main gig but those who follow this blog know we like to use this space to share public service announcements as well.  There are few topics more important than protecting our children.

The FTC has just released its latest update to a great resource for helping to protect our children when they are online.

The revision of the FTC’s free guide, Net Cetera: Chatting with Kids About Being Online, is now available. The booklet has updated tips for parents, teachers, and other adults to use when talking with kids about online safety and digital citizenship.

The guide reflects changes in the online space since it came out in 2009. Among other timely and important issues, the guide includes tips on:

The booklet also includes information about the recent changes to the Children’s Online Privacy Protection Act (COPPA), and the rights and choices parents have in protecting their kids’ privacy online. And, of course, the guide covers key issues like cyberbullying, sexting, phishing, and computer security.

Net Cetera has topped the Best Seller list at the FTC for years. More than 9.3 million copies of the original version of the booklet were distributed in just over two years, making it one of our most-requested publications.

Order free copies of Net Cetera from the FTC’s bulk order site. Use them at the kitchen table, the all-purpose room at school, even at your local library.


More on App Safety: Mindfully Sharing Location Data

HV Shred is all about helping our community protect private information.  Last week, we covered the basic overview of app safety.  More specifically this week, we cover location data.

Some apps use specific location data to share maps, coupons for nearby stores, or information about who we might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on our interests and our location.

Once an app has permission to access location data, it can do so until we change the settings on our phones. If we don’t want to share our location with advertising networks, we can opt to turn off location services in the phone’s settings. Of course, if that is done, the apps won’t be able to share information based on our location unless we enter it ourselves.

In addition, the phone uses general data about its location so our phone carriers can efficiently route calls. Even when we turn off location services in the phone’s settings, it may not be possible to completely stop it from broadcasting location data.

The point is to be mindful and selective of the apps we choose.

A recent case both metaphorically and literally shed light on the locator capability and possible abuse of apps:

Dating back to early 2011, people have downloaded the Brightest Flashlight app to more than 50 million Android devices — making it one of the most popular free apps on the Android marketplace. According to the FTC, most of these users probably didn’t realize that anytime they launched the app, it collected and broadcast their locations and device IDs to advertising networks and other third parties.

Goldenshores Technologies, the developer behind the Brightest Flashlight, has agreed to settle FTC charges that the company didn’t adequately disclose what information it collected and shared — not in the app’s user agreement or anywhere else.


Mobile Apps and Security

As always, HV Shred aims to provide valuable guidance to our community on how to protect confidential data. These days, we use apps for everything from banking to listening to music to finding the best restaurant for lunch. One thing we must consider in the process is the data we are sharing, even broadcasting, as we take advantage of the tools provided by apps.

When we sign up with an app store or download individual apps, we may be asked for permission to let them access information on our device. Some apps may be able to access:

  • phone and email contacts
  • call logs
  • internet data
  • calendar data
  • data about the device’s location
  • the device’s unique IDs
  • information about how we use the app itself

Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.

If we are providing information when using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting data, they may share it with other companies.

Spend some time verifying the extent to which downloading and using each app is sharing your information.  Consider what you know about who created the app and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.

Android operating system users have an opportunity to read the “permissions” just before installing an app. Read them. It’s useful information that tells what information the app will access on our devices. Ask whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read text messages.

Apps are tools for tremendous convenience but also need to be implemented judiciously.


Identity Theft Awareness Week

HV Shred is always focused on best practices for identity theft protection. As a reminder from a recent blog, January 13th-17th is Tax Identity Theft Awareness Week, led by the Federal Trade Commission, the government division tasked with protecting American consumers. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Over the course of this week, the FTC is doing extra outreach and education.

Here are the basics: The IRS uses your Social Security Number (SSN) to make sure your filing is accurate and complete, and that you get any refund you are due. Identity theft can affect how your tax return is processed. An unexpected notice or letter from the IRS could alert you that someone else is using your SSN. However, the IRS doesn’t start contact with a taxpayer by sending an email, text or social media message that asks for personal or financial information. If you get an email that claims to be from the IRS, do not reply or click on any links. Instead, forward it to phishing@irs.gov.

If someone uses your SSN to file for a tax refund before you do, the IRS might think you already filed and got your refund. When you file your return later, IRS records will show the first filing and refund, and you’ll get a notice or letter from the IRS saying more than one return was filed for you.

If someone uses your SSN to get a job, the employer may report that person’s income to the IRS using your SSN. When you file your tax return, you won’t include those earnings. IRS records will show you failed to report all your income. The agency will send you a notice or letter saying you got wages but didn’t report them. The IRS doesn’t know those wages were reported by an employer you don’t know.

If you think someone used your SSN for a tax refund or a job — or the IRS sends you a notice or letter indicating a problem — contact the IRS immediately. Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your IRS account from identity thieves in the future.

Specifically in New York, the FTC is hosting an educational program on Tuesday, January 14th from 4-6pm at Fordham Law School, Room 430 B/C, 140 W. 62nd Street, New York, NY. The event will feature speakers from the IRS, the FTC and Legal Services, among others.


A Banner Year for HV Shred’s Recycling Efforts

Happy 2014!  We thank all who supported us through 2013 and are excited to share the news that together we recycled nearly 600 tons of confidential paperwork.

In 2013, HV Shred clients helped save:

  • over 10,000 trees
  • over 4 million gallons of water
  • over 250,000 gallons of oil
  • over 1800 cubic yards of landfill space
  • over 2 million Kilowatt hours of electricity

That’s more than a 10% increase over last year, so let’s keep the increased recycling efforts rolling!
