slide1 l.
Skip this Video
Loading SlideShow in 5 Seconds..
Protecting Citizens’ Personal Information PowerPoint Presentation
Download Presentation
Protecting Citizens’ Personal Information

Loading in 2 Seconds...

play fullscreen
1 / 32

Protecting Citizens’ Personal Information - PowerPoint PPT Presentation

  • Uploaded on

Protecting Citizens’ Personal Information. HIPAA Solutions, LC What’s Personal Information. Financial Information Banking & Credit Investments & Mortgage Signatures Notary Seals Demographic Name, Address, Birth Certificate Government Related

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Protecting Citizens’ Personal Information' - DoraAna

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Protecting Citizens’ Personal Information

HIPAA Solutions, LC

what s personal information
What’s Personal Information

Financial Information

  • Banking & Credit
  • Investments & Mortgage
  • Signatures
  • Notary Seals


  • Name, Address, Birth Certificate

Government Related

  • Social Security Number
  • Driver’s License
  • Gun Permit
  • Military Records
  • Court Records & Probate
  • Infrastructure

Health Information

  • Medical Records & Insurance
who uses personal information
Who Uses Personal Information

Financial & Credit Institutions

  • Banking & Finance
  • Credit Card


  • Permits, Licenses, Courts, SSN, Veterans, Administrative, Taxes, Student Records, Property, Security, Law Enforcement

Health Care Providers

  • Medical Records, Insurance


  • Benefits, Pay Records, Taxes, SSN, Personnel & Hiring, Background Checks, Security


  • Retail Transactions, Credit Checks, Insurance, Contracts, Real Estate Title Companies, Land Brokers
who else uses personal information
Who ELSE Uses Personal Information

Commercial & Political Organizations

  • Marketing Groups
  • “Data Mining” Organizations
  • Risk Evaluation – Insurance & Credit Companies
  • Foreign Companies
  • Campaigns & Political Organizations


  • Financial Gain – Identity Theft & Fraud
  • Illegal immigration
  • Criminal Alias’s
  • Medical Fraud – Medicaid & Medicare
  • Insurance
  • Real Estate Fraud
  • Stalkers
  • Organized Crime
  • Forgers
  • Terrorists
why protect personal information
Why Protect Personal Information
  • Financial Loss
  • Credit Risk
  • Employment Risk
  • Disruption of Lives
  • Increased Cost of Products & Services
  • Taxes for Law Enforcement
  • Health Danger
  • Family & Children
  • Stalkers
  • National Security
  • Illegal Immigration
real risks
Real Risks

2006 FTC report on Identity Theft & Fraud

  • Texas 4th on list of complaints of ID Theft per 1,000 citizens
  • Texas has 4 of top 30 Metro areas with highest % of ID theft complaints per number of citizens
  • Almost half of top 50 cities based on number of complaints per population are in border states 
  • Jan-Dec 2006 - Consumer Sentinel (complaint database developed by FTC) received over 670,000 consumer fraud and identity theft complaints.
  • Total overall losses in US for 2006 were $49 billion

why protect personal information7
Why Protect Personal Information

. . . Darwin Professional Underwriters, analyzed data from media reports and other sources to come up with algorithms . . .

. . . . a breach that exposes 75,000 identities will cost an organization $9.9 million on average.One third of the cost or $3.47 million is needed to provide credit monitoring to alert potential victims when their information is misused.

. . . Last year, Chicago voters filed a class action lawsuit against the Elections board for a similar breach involving voter registration information of 1.3 million voters published on the Board's Web site.

. . . recent reports indicate credit monitoring is insufficient protection for people whose confidential information is known to have been compromised. . . .

real risks financial
Real Risks - Financial
  • Internet security threat report from Symantec Corp.
  • Rate for the keys to assuming someone else's identity can be had for between $14 and $18 per victim on underground cyber crime forums.
  • Full identities typically include Social Security numbers, the victim's bank account information (including passwords), as well as personal information such as date of birth and the maiden name of the victim's mother.
  • TOTAL number of records containing sensitive personal information involved in security breachesOVER 150 million records . . .
real risks financial9
Real Risks - Financial

Man victimized again and again by ID theft

For two years now, Mark Maynard has repeatedly been mistaken for a felon named Kevin O'Rourke. The ordeal has nearly cost Maynard his benefits and once put him in jail.

By CLAUDIA ROWE Seattle Post Intelligencer - P-I REPORTER

It was a benign-looking letter, just a business-sized envelope from a Seattle department store that came with the morning mail. But for Mark Maynard, it signaled the start of a bureaucratic maze worthy of Franz Kafka's nastiest nightmares.

For the past two years, the retired Coast Guard veteran has been repeatedly mistaken for a convicted thief named Kevin O'Rourke, who once passed himself off as Maynard by presenting a fake driver's license. From that moment on, the disabled yeoman has been entangled in a net of ever-more-complex legal problems.

In the past seven years, Social Security has received 94 million warrant files from states seeking fugitives such as O'Rourke. That Maynard's name got swept up in the data stream is an unfortunate but rare occurrence, a spokesman with the agency said. . . .

real risks immigration
Real Risks - Immigration

Red Tape Chronicles - - Bob Sullivan

Author of “Your Evil Twin: Behind the Identity Theft Epidemic”

. . . Linda Trevino, who lives in a Chicago suburb, applied for a job last year at a local Target department store, and was denied.  The reason? She already worked there -- or rather, her Social Security number already worked there. 

Follow-up investigation revealed the same Social Security number had been used to obtain work at 37 other employers, mostly by illegal immigrants trying to satisfy government requirements to get a job. . . . .

. . . research and government reports suggest hundreds of thousands of American citizens are in the same spot -- unknowingly lending their identity to illegal immigrants so they can work. And while several government agencies and private corporations sometimes know whose Social Security numbers are being ripped off, they won't notify the victims. That is, until they come after the victims for back taxes or unpaid loans owed by the imposter. . . .

real risks immigration11
Real Risks – Immigration


Federal Loans


School System

Terrorist Infiltration

Voter Fraud

real risks homeland security
Real Risks – Homeland Security

Dan Verton, in his book Black Ice: The Invisible Threat of Cyberterrorism (2003), explains that "al-Qaeda cells now operate with the assistance of large databases containing details of potential targets in the U.S. They use the Internet to collect intelligence on those targets, especially critical economic nodes, and modern software enables them to study structural weaknesses in facilities as well as predict the cascading failure effect of attacking certain systems."

According to Secretary of Defense Donald Rumsfeld, speaking on January 15, 2003, an al Qaeda training manual recovered in Afghanistan tells its readers, "Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy."

real risks healthcare
Real Risks - Healthcare

Doctors, insurers ask, ‘Who are you?’

Medical identity theft, on the rise, can threaten lives as well as wallets

By Anne Thompson and Alex Johnson / NBC News / April 4, 2007

Andrew Brooke’s family knew something was screwy when they got a collection notice for unpaid bills for treatment of his work-related back injury, which included large prescriptions of the controlled painkiller Oxycontin.

“I’m looking at this bill, and I’m looking at my 3-week-old baby that can’t even hold his head up, and it’s just a sense of outrage,” said Andrew’s father, John Brooke, of Bothell, Wash., a suburb of Seattle.

Likewise, Jo-Ann Davis knew there was a mistake when a cop greeted her at the pharmacy where she had gone to pick up a prescription in early 2005.

“I’ve never even had a speeding ticket,” said Davis, a veterinary technician from Moon, Pa., near Pittsburgh.

Medical providers, it turned out, thought Andrew and Davis were other people. Their medical identities had been stolen.

These are not isolated incidents: In a report last year, the World Privacy Forum found that the number of Americans identifying themselves in government documents as victims of medical identity theft had nearly tripled in just four years, to more than a quarter-million in 2005. . . .

real risks healthcare14
Real Risks - Healthcare

ID theft reaches medical realmStolen health care creates headaches, incorrect medical charts, empty wallets


Identity theft can be a nightmare. If somebody steals your credit card and makes purchases in your name, you may spend hours on the phone with banks and credit agencies trying to restore your financial reputation. But medical identity theft can be even worse. Victims lose more than just money; their very lives may be at stake. . . . .

. . . . Armed with the victim's name, Social Security number or insurance plan number, a thief may try to use that information to get free health care. . . .

More ominously, any procedures, tests or medications administered to the thief may become part of your permanent medical record. Next time you're admitted to a hospital, you may find that your chart lists the wrong blood type or says you are on medications that you've never taken. This can lead to medical errors, with potentially tragic consequences.

. . . . World Privacy Forum, a nonprofit consumer education group, estimates that at least 250,000 Americans have been victimized.

Some law enforcement officials believe the high cost of health insurance may be making this form of theft more attractive to criminals.

real risks media
Real Risks - Media

Gun Owners Irked By Newspaper Database PloyBy Fred Lucas Staff WriterMarch 13, 2007 (Editor's note: The Roanoke Times on Monday night removed the online database of registered concealed handgun permit holders from its website until the Virginia State Police, which provided the information, can "verify" the data. "When we posted the information, we had every reason to believe that the data the State Police had supplied would comply with the statutes. But people have notified us that the list includes names that should not have been released,“. . .

( - Virginia handgun owners are fired up over the publication of their names and addresses in a database posted online by a state newspaper.The database of every Virginia resident who holds a state-issued permit to carry a concealed handgun was posted on the Roanoke Times' website Sunday to accompany a column in the paper by Times editorial writer Christian Trejbal. "There are good reasons the records are open to public scrutiny," Trejbal wrote. "People might like to know if their neighbors carry. Parents might like to know if a member of the car pool has a pistol in the glove box. Employees might like to know if employers are bringing weapons to the office."

real risks government
Real Risks - Government

Audit: IRS loses 490 computersBy UPI Staff April 6, 2007

WASHINGTON (UPI) -- A government audit in Washington found that the personal information of more than 2,000 taxpayers has been compromised by lost or stolen computers since 2003.

The audit, conducted by the Treasury Inspector General for Tax Administration, found that 490 Internal Revenue Service computers were lost or stolen in 387 incidents and the majority of the incidents were not reported to the IRS computer security office as regulations require, USA Today reported Thursday.

The report said IRS laptops are not equipped with sufficient password controls and encryption software to protect taxpayer information and other data from unauthorized access. . .

real risks government17
Real Risks - Government

HHS, GAO criticized over privacy reportby: Joseph Conn / HITS staff writerFebruary 5, 2007

Last week, the Government Accountability Office issued a mild rebuke to HHS over its handling of privacy and security issues while the department leads the federal effort to promote development of a national healthcare information network. Reaction to the GAO report within the privacy community was far more strident. In fact, both HHS and the GAO were zinged with criticism. The 52-page GAO report, issued Thursday, was the focus of discussion the following day in Washington at a meeting of the Senate subcommittee on federal government management, the federal workforce and the Senate Committee on Homeland Security and Governmental Affairs. The report criticized HHS for failing to establish “milestones” to measure progress in development of privacy protections and for not having a person or organization in charge of coordinating federal privacy policy initiatives. HHS disagreed with the GAO’s findings in a written rebuttal.

real risks data mining
Real Risks – Data Mining


Buyers include marketers, employers, government agencies and thieves; Consumer Reports offers tips to limit privacy invasion and thwart identify theft - October 2006 Issue

- YONKERS, NY – The practices of commercial data brokers can rob consumers of their privacy, threaten them with identity theft and profile them as dead beats or security risks, according to an investigative report in Consumer Reports October Issue.

Choice Point, LexisNexis and Acxiom are among the largest of the horde of data brokers that generate billions of dollars in revenue by selling sensitive and personal information about millions of Americans to paying customers, sometimes including crooks looking to cash in.

CR’s three-month investigation concluded that current federal laws do not adequately safeguard American’s sensitive information, which is often collected and sold by data brokers. This information can include Social Security Numbers, phone numbers, credit card numbers, information about an individual’s prescription medication, shopping habits, political affiliations and sexual orientations. (Cont’d Next Slide)

real risks data mining19
Real Risks – Data Mining



Among the most troublesome findings of CR’s investigation: There is no way an individual can find out exactly what data collectors are telling others; and the accuracy of that data is rarely verified. . . .

CR’s investigation reveals the growth of the Internet has spawned data brokers that use deceptive practices to obtain sensitive and personal information about people and sells it to virtually anyone, sometimes with fatal consequences. . . .

Personal, sensitive information can be obtained from several sources, most commonly are public records. Some data collectors hire researchers to visit courthouses and county clerks’ offices to retrieve information from paper records. However, a growing number of state and local governments are posting personal records online, making information gathering easier and increasing the potential for abuse. In addition, consumers themselves supply tons of data, often unwittingly, because information about purchases, donations, and memberships is now widely shared. . . . . .

real risks data mining20
Real Risks – Data Mining

Courthouse for Sale – Cheap!

How  your private information ends up on computer screens in Pakistan, Nigeria, China and Russia.

David Bloys - News for Public Officials Updated May 12th, 2006

In what could be the largest single transfer of a county asset to a private company in the history of Texas, Fort Bend County Clerk Dianne Wilson recently sold every document ever filed with the county clerk’s office to a Florida-based company. Red Vision paid the county approximately $2,000 to transfer twenty million records by USB cable.  This may also be the cheapest price ever paid by a private company for the bulk purchase of document images held by a government agency.

According to Wilson, this was just business as usual. In an interview with B.J. Pollack of the Fort Bend Herald she said she sells the records "every day" in bulk to companies like Red Vision and has since 1995.

An asset that took Fort Bend County taxpayers 167 years to create and ten years to digitize was transferred to Florida in approximately 150 hours. Local taxpayers pay $1 a page for copies of their documents. Red Vision bought every document at the liquidation price of 10,000 pages for a dollar. With a mission to “revolutionize” the way banks, attorneys and title companies do business with local government, the company has more U.S. courthouses on its shopping list. . . . .

real risks data mining21
Real Risks – Data Mining

States consider limits on medical data-mining

By Joe Mullin, Associated Press Writer  |  April 7, 2007

CARSON CITY, Nev. --"Know your customer" has long been the mantra of salespeople. But this year, state lawmakers from New York to Nevada are wondering whether pharmaceutical company representatives know their physician customers too well.

Lawmakers around the country are taking a hard look at datamining companies that keep detailed records on what prescription drugs are prescribed by nearly every doctor in the U.S. Their databases, updated weekly, are stripped of patient names and sold to the drug companies, who use the information to target their sales pitches to doctors.

"Most doctors really don't know the level of detail" in the reports, said New Hampshire state Rep. Cindy Rosenwald, who sponsored a bill last year making her state the first in the nation to ban such use of the data. "I would say most doctors are shocked when they hear that drug reps really know everything they've written."

The largest health datamining company, IMS Health, joined with Verispan LLC to challenge the New Hampshire law in federal court. A decision is pending after the trial ended Feb. 5. In Canada, IMS also has challenged a 2001 Alberta ban on releasing doctors' names.

Besides Nevada and New York, other states that have considered similar bills this year include Arizona, Illinois, Kansas, Maine, Massachusetts, Rhode Island, Vermont, Washington, West Virginia and Texas. A federal bill was proposed last year, but died in committee.

Proponents say drug companies use the data to manipulate doctors and aggressively market off-patent drugs, which drives up health care prices and improperly interferes with doctors' practices. . . . .

real risks data mining22
Real Risks – Data Mining

Addressing the inevitable outcomes of privacy loss

Article published Mar 14, 2007

Privacy tends only to be addressed from the possessor's perspective. Our approach seems to be to try to whoa the horse as it's leaving the barn. Data mining is one obvious side effect of a centralized health record. But the other half of the equation is how we control the inevitable results. Despite our best efforts, someone will find a "legitimate" alternate use for this data—national security comes to mind—and someone, somewhere, will pay for the otherwise innocent activity of seeking medical help with a lost job, lost loan or other lost opportunity. We must also address the results that follow from some unknown person's interpretation of confidential information. The danger lies not in the information being accessed, but in the consequences of someone's colored interpretation. Imagine background-checking companies looking at this information and reporting back to a hiring company that one of their candidates had an abortion and one didn't and, though they are otherwise equal, some subjective decision based on private information will destroy someone's career. We know from our experience with Social Security and credit information that, despite all the best intentions, business pressures will find a way into our medical data, and unknown, unregulated viewers will be judging us and finding us lacking. . . .

real risks data mining23
Real Risks – Data Mining

DHS must assess privacy risk before using data mining tool, GAO says

The tool would be used to cull data for the fight on terrorism

March 22, 2007 (Computerworld) -- A tool being developed by the U.S. Department of Homeland Security (DHS) to help it sift through large volumes of data in the search for terrorist threats poses several privacy concerns, the Government Accountability Office (GAO) warned in a report released yesterday.

The agency also called on the DHS to conduct a privacy impact assessment of the tool immediately to help ameliorate those risks.

The tool, called ADVISE, for Analysis, Dissemination, Visualization, Insight and Semantic Enhancement, is designed to cull very large databases and search for patterns, such as relationships between individuals and organizations, to ferret out suspicious people or activity. ADVISE is currently under development by the DHS.

In its report, the GAO raised questions about whether ADVISE could erroneously associate individuals with terrorism because of faulty data, misidentify people with similar names and rely on data collected for other purposes.

real risks personal safety
Real Risks – Personal Safety

The Murder of Amy Boyer

by Robert DouglasFar too often as we grapple with the issue of balancing the privacy of Americans with the necessary and legitimate uses of Americans’ personal information the debate centers on discussions of “data”, but not the lives behind the “data”. . . .

. . . October of 1999 Amy Boyer, a young Nashua, New Hampshire woman, was leaving work with two co-workers. . . . As Amy said good-bye and closed her door, a car driven by Liam Youens sped up the street and . . . fired 11 bullets into the head and upper body of his unsuspecting 20 year-old victim. . . . . fired one last shot into his head, instantly killing himself . . . . . . . He openly planned Amy’s murder and the intended murder of others for more than a year. . . . . he documented his plans to murder Amy on a web site . . . .

. . . . . evidence showed that Youens decided to ambush Amy as she left work. But Youens had a problem. He didn’t know where Amy worked. So he started using information brokers and private investigators that run Internet based operations that specialize in obtaining and selling personal information on Americans. In separate Internet transactions Youens purchased Amy’s date of birth, social security number, home address, and finally her place of employment. Youens himself was struck by how easily he was able to purchase Amy’s personal information while concealing his evil intent. . . . .

From the Testimony of Robert Douglas, CEO, to United State Senate Committee on the Judiciary Hearing on Securing Electronic Personal Data: Striking a Balance Between Privacy and Commercial and Governmental Use

real risks business
Real Risks - Business

T.J. Maxx data theft worse than first reported

Data stolen covers transactions dating as far back as December 2002

The Associated Press March 29, 2007

BOSTON - Information from at least 45.7 million credit and debit cards was stolen by hackers who accessed TJX’s customer information in a security breach that the discount retailer disclosed more than two months ago.

TJX Cos., the owner of about 2,500 stores, said in a regulatory filing late Wednesday that about three-quarters of those cards had either expired at the time of the theft, or data from their magnetic strips had been masked — stored as asterisks rather than numbers. . . .

Data From T.J. Maxx Breach Connected To Florida Fraud

By Martin H. BosworthConsumerAffairs.Com - March 22, 2007

Personal information stolen in the massive TJX data breach was used by thieves to make $8 million in purchases from Wal-Mart stores in Florida, according to authorities.

who may oppose protection
Who May Oppose Protection


  • Data Mining Companies
  • List Brokers
  • Marketing
  • Some Title Companies
  • IT Companies
  • Political Organizations

Government -i.e. Some County Clerks

Health Care Providers - Physicians & Hospitals

Media - Freedom of Information Proponents

legislative protection
Legislative Protection


  • Social Security Act
  • Privacy Act
  • Health Insurance Portability & Accountability Act (HIPAA)
  • Family Educational Rights and Privacy Act Regulations (FERPA)
  • Fair Credit Reporting Act (FACTA)


  • Public Information Acts
  • Health Legislation


protection issues
Protection - Issues

CONSISTENCY OF LEGISLATION – A great number of statutes at Federal and State level have confusing or conflicting purposes


IMMIGRATION – Lax Enforcement – 6th arrest practice

SSN – Lax Enforcement – Standard practice to sell SSN’s

HIPAA – Lax Enforcement – 28,000 complaints, no fines until 2007

CITIZEN AWARENESS – There is a lack of awareness of issues and what to do if information is misused and who is misusing it.

MEDIA – Many in media underreport issues of personal information because of desire for access to all information in public domain

LEGISLATORS – Business interests, some officials and media lobby legislators in favor loose enforcement. “Squeaky wheel syndrome”

current issues texas ag defines problem
CURRENT ISSUES – Texas AG Defines Problem

[Attorney General] . . . Abbott, in his opinion, stressed the danger of identity theft and the potential for harm with the publication of individuals' Social Security numbers. . . .

"Indeed, it is universally agreed that Social Security numbers are at the heart of identity theft and fraud," said Abbott, "and in today's Internet world where information - including public government information - can be instantly and anonymously obtained by anyone with access to the worldwide web, the danger is even greater.". . . . Abbott stated that while Social Security numbers may be included on documents considered public record, they should be redacted . . . before they are distributed.Furthermore, Abbott pointed out that the release of Social Security numbers does not advance the aims of the Public Information Act because it "does not serve the purpose of openness in government in any forseeable way".The statute . . . Section 552.147, was created by the Texas Legislature in 2005.

current issues legislation


HB 2061 – Passed by Texas House and Senate, signed by Governor in March of 2007. Protects County Clerks who post SSN’s on internet and sell records to list brokers by declaring SSN’s contained in Clerk’s records to be not protected under PIA and also eliminates exposure to Clerk’s of criminal prosecution or civil suits for releasing SSN’s. Citizen’s given the right to ask for SSN redaction IF can identify in writing where their information is located and ask for redaction. Allows posting of unredacted information and bulk sale of documents.

better protection



Personal Information Complaints Resources . . .

Financial, Identity Theft or Fraud

Local District Attorney & AG

Social Security Number Misuse

US Attorney

Local District Attorney & AG

Misuse Health Information

Office or of Civil Rights & Dept. Of Justice

AG & Local DA