How to help your employees and provide a better service.

1. IDENTITY THEFT “ The fastest growing white-collar crime in America” According to the FBI Employer Compliance

2. Royce McCoy , CITRMS Identity Theft Risk Management Group, LLC The Institute of Fraud Risk Management is the nation’s only professional certification program ( CITRMS ) specifically developed to train and equip professionals to understand and address Identity Theft and related fraud issues.

3. Karen McCoy , CITRMS Identity Theft Risk Management Group, LLC The Institute of Fraud Risk Management is the nation’s only professional certification program ( CITRMS ) specifically developed to train and equip professionals to understand and address Identity Theft and related fraud issues.

6. Drivers License Medical Financial Identity theft is not just about credit cards, it’s a legal issue ! Over 70% of the time access to an attorney will be critical to resolve these issues. Social Security Criminal Five Common Types of Identity Theft Less than 28% 10 M sold every 6 weeks WSJ Fastest growing IDT Unofficial National ID Wrongful Arrest

7. Let’s look at a video clip From CNN showing how Identity Theft affects victims Identity Theft is in the News….

11. Correcting the victims’ records is so overwhelming it is imperative for Employers to protect the data. “ Once the credit systems accept bad data it can be next to impossible to clear.” USA Today June 5, 2007 “ Medical identity theft can impair your health and finances… and detecting this isn’t easy… and remedying the damages can be difficult.” Wall Street Journal October 11, 2007 Where the Law Becomes Logical

12. “ A rise in identity theft is presenting employers with a major headache: They are being held liable for identity theft that occurs in the workplace.” Douglas Hottle, Meyer, Unkovic & Scott, “ Workplace Identity Theft: How to Curb an HR Headache” BLR: Business and Legal Reports , September 19, 2006

15. Identity Theft Resource Center, of the approximately 44 million Americans who have been the victims of identity theft at some point, each spent an average of 600 hours and $1,495 getting their finances straightened out. And, that doesn’t include attorney’s fees. In 2004, identity theft cost financial institutions and businesses an estimated $52.6 billion,

19. …… all businesses must be able to show that they have a security plan in place. In order to comply with FACTA, Betsy Broder, the Assistant Director of that FTC division , was quoted in the March 2006 American Bar Association Journal saying that means businesses need to have a written plan describing how customer data will be safeguarded and a staff member or company officer designated to be responsible for implementing that plan . Broder went on to say, “We’re not looking for a perfect system. But we need to see that you’ve taken responsible steps to protect your customers’ information.” Now What? It’s Time to Develop a Plan!

20. According to the FTC, a “ reasonable ” plan to safeguard personal information includes: Designate an employee ( or employees) to coordinate and be responsible for the security program. … . include employee training …. Continually evaluating and adjusting the security plan….. Create a mitigation plan….. This mitigation plan should kick in when there is a privacy or security breach and there is a need to “ repair it ” immediately in the eyes of customers, government regulators, and management.

21. A sensible and effective program will go a long way towards reducing the risk of federal government enforcement , even if the security policy should fail in a particular situation and a security breach results.

22. New ‘Red Flag’ Requirements for Financial Institutions and Creditors will Help Fight Identity Theft …… requiring financial institutions and creditors to develop and implement written identity theft prevention programs , as part of the Fair and Accurate Credit Transactions (FACTA) of 2003 . The programs must be in place by November 1, 2008 , and must provide for the identification, detection, and response to patterns, practices, or specific activities — known as “red flags” — that could indicate identity theft. … a financial institution is defined as a state or national bank , a state or federal savings and loan association, a mutual savings bank, a state or federal credit union , or any other entity that holds a “transaction account” belonging to a consumer. A transaction account is a deposit or other account from which the owner makes payments or transfers. PG. 1 Financial institutions and creditors soon will be required to implement a program to detect, prevent, and mitigate instances of identity theft. Federal Trade Commission - Bureau of Consumer Protection - Division of Consumer & Business Education

23. New ‘Red Flag’ Requirements for Financial Institutions and Creditors will Help Fight Identity Theft PG. 2 A creditor is any entity that regularly extends, renews, or continues credit ; any entity that regularly arranges for the extension, renewal, or continuation of credit ; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies. Where non-profit and government entities “ defer payment” for goods or services, they, too, are to be considered creditors. A covered account is an account used mostly for personal , family , or household purposes , and that involves multiple payments or transactions. A covered account is also an account for which there is a foreseeable risk of identity theft. Federal Trade Commission - Bureau of Consumer Protection - Division of Consumer & Business Education

24. PG. 3 Federal Trade Commission June 2008 For The Consumer ftc.gov 1-877-FTC-HELP Complying with the Red Flag Rules The program must also describe appropriate responses that would prevent and mitigate the crime….. The program must be managed by the Board of Directors or senior employees … include appropriate staff training , and provide for oversight of any service providers. Under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs — or “red flags” — of identity theft. Federal Trade Commission - Bureau of Consumer Protection - Division of Consumer & Business Education

27. "Many businesses don't realize, that even though the FTC isn't enforcing compliance, it doesn't mean those businesses won't be liable if a data breach or loss of information occurs," (Debra Geister, Director of Fraud Prevention and Compliance Solutions at Lexis-Nexis .) The key issue is that the law was effective January 1, 2008. The enforcement date begins May 1, 2009. Red Flag Rules Red Flag Rules recently became effective in January 2008, and compliance was originally required by November 2008. The FTC’s enforcement of the Rule has been extended to May 1, 2009: Bank Info Security - ID Theft Red Flags Rule: FTC Extension is no 'Break' Enforcement Delayed for FTC-Governed Institutions; Liability is Not November 12, 2008

31. Law Firms Are Looking for Victims “ Do you suspect that a large corporation or your employer has released your private information (through an accident or otherwise)? If you are one of many thousands whose confidential information was compromised, you may have a viable class action case against that company. Contact an attorney at the national plaintiffs' law firm of Lieff Cabraser to discuss your case. Lieff Cabraser defends Americans harmed by corporate wrongdoing.” “ Instead of losing our identities one by one, we're seeing criminals grabbing them in massive chunks -- literally millions at a time.”

32. Employers must create an Identity Theft Risk Management Program to Minimize your Risk

36. Announcement of Employee Training

37. All Employee Training is done by Certified Identity Theft Risk Management Specialist through the Institute of Fraud Risk Management. www.tifrm.net

38. ID Theft Plan and Sensitive and Non-Public Information Policy

39. The purpose behind an Identity Theft Sensitive and Non-Public Information policy is to protect the non-public information (NPI) and Personally Identifiable Information (PII) an employer collects from customers and employees. This Information can be names, addresses, phone numbers, credit card numbers, drivers license numbers, bank account numbers, social security numbers etc. Basically any data that identifies an individual and could be used to steal his or her identity.

41. Cont’d – This form or one similar is required by the FTC for all employees* * FTC – Protecting Personal Information A Guide For Business pg 15 Use of Confidential Information By Employee I_______________ As an employee of _________________ I do hereby acknowledge that I must comply with a number of state and federal laws which regulate the handling of confidential and personal information regarding both customers/clients of the company and it’s other employees . These laws may include but not limited to FACTA, HIPPA, the Privacy Act, Gramm/Leach/Bliley, ID Theft Laws (where applicable). I understand that I must maintain the confidentiality of ALL documents, credit card Information, and personnel information of any type and that such information may only be used for the intended business purpose. Any other use of said information is strictly prohibited . Additionally, should I misuse or breach and personal information of said clients and or employees, I understand I will be held fully accountable both civilly and criminally, which may include, but no limited to, Federal and State fines, criminal terms, real or implied financial damage incurred by the client, employee or the company. I have received a copy of the company’s Sensitive and Non-Public Information Policy . I understand and will fully comply with its provisions along with all other rules and regulations the company has in place regarding the handling of confidential information so as to protect the privacy of all parties involved . I also acknowledge that I have participated in a company sponsored Privacy and Security Identity Theft Training Program. ________________________________________ __________________ Employee Signature Date ________________________________________ Witness Signature

44. Our Mitigation Plan is provided by two NYSE companies, Kroll Risk Consulting Co. & Pre-Paid Legal Services A mitigation plan that includes Credit Montoritoring , full Restoration and access to Legal Counsel can reduce your risk and exposure to Identity Theft Credit Monitoring Access to Legal Counsel Restoration

47. Access to Legal Counsel provided by Pre-Paid Legal Services, a 36 year old New York Stock Exchange Company, represented by 48 provider laws firms and thousands of referral attorneys throughout North America

48. Provide Proof a Mitigation Plan was offered to Your Employees

49. The Advisory Council was established to provide quality counsel and advice. Legal Advisory Council Duke R. Ligon Advisory Council Member Former Senior V.P. & General Counsel Devon Energy Corp Grant Woods Advisory Council Member Former Arizona Attorney General Andrew P. Miller Advisory Council Member Former Virginia Attorney General Mike Moore Advisory Council Member Former Mississippi Attorney General

51. Just like OHSA, the American Disability Act or HIPAA, Privacy and Security laws are not optional . We can assist your company in starting the compliance process and create an affirmative defense before a data breach, loss, or theft affects your employees or customers! Take Charge The next step is to schedule the required employee training and set up the other reasonable steps to help reduce your liability to these Identity Theft Laws. The compliance enforcement date is fast approaching. Who is the individual, at your company, that will coordinate this activity ?

52. Thank You! Identity Theft Risk Management Group, LLC