Kroll Fraud Solutions Blog – A Dialogue on Data Security

Last month Colorado’s governor signed into law the Protections for Youth in Foster Care Act which, among other things, mandates that certain children in foster care between ages of 16 and 18 be provided a free credit report and assistance in resolving any inaccuracies. Children in foster care are especially vulnerable to having their personal identifiers misused by others due in part to the number of people who might have access to their information.

In a series of articles about medical identity theft from Scripps Howard News Service, a much-needed light is shed on an issue that is particularly damaging to victims – denial of access to their own personal medical records.

In particular, the article exposes a very common misinterpretation of HIPAA Privacy Rule, whereby providers believe that they would be violating the thief’s right to privacy by providing the identity theft victim access to his or her own medical record. It’s unfortunate that this is the case – according to the Federal Trade Commission, even in cases of identity theft, “patients have the right to get a copy of their records.” Further, patients have the right to an accounting of disclosures, to learn where the medical information was shared, and to have their medical records amended or corrected, or at the very least, have an explanation of dispute placed in the file to avoid future problems with the victim’s medical information.

When the Federal Trade Commission Consumer Sentinel Network Data Book was released earlier this year, it indicated that, based on consumer reported incidents, government document/benefit fraud was now the most common form of identity theft. This type of fraud involves the illegal use or counterfeiting of government-issued forms and documents (i.e., driver’s license, Social Security card, birth certificate), or the willful misrepresentation of identity to gain some form of benefit (i.e., Social Security, welfare, unemployment benefits).

Once again, Kroll’s data security education efforts are in full swing as our experts participate in three upcoming International Association of Privacy Professionals (IAPP) events.

This week, Kroll’s Greg Brown will be speaking with David Navetta of Information Law Group at the KnowledgeNet event to be held in Dallas, Texas on April 21. The topic is “Risk and Response: Defining an Event The Legal Ramifications, Requirements and Managing Expectations.” Registration for this event closes tomorrow, so be sure to register if you plan to attend.

There are many technology fixes that help businesses avoid phishing emails and other outside attacks. But an extremely feasible method of first line defense against spear phishing is training employees. Help them heighten their awareness of what to look for as suspicious emails and encourage them to modify their “usual” behaviors:

• Make sure employees fully understand the company’s security and privacy guidelines, so they will recognize phishing emails that run contrary to them – for instance, no one in the IT department would have a need to contact employees via e-mail and request they share their passwords.