Embed Size (px)
Citation preview
Smarter Decisions. Safer World.
ICAE ConferenceIdentity Theft
Review
Steve Keen
2
“Achieve industry-leading credentialing, compliance and privacy program objectives that reinforce the responsible use and protection of ChoicePoint data and services and continue to build credibility with the privacy community and the public”
• Policy Review and Development• Customer, Employee and Vendor Compliance• Outreach & Communications
ChoicePoint’s Strategic Goals & Direction
3
2005 Organizational Actions
• Created independent office of Credentialing, Compliance and Privacy that reports to the Board of Directors
• Established full-time liaison with law enforcement
• Engaged Ernst & Young to conduct a best practices study of ChoicePoint
• Established Corporate Credentialing Center
4
Identify Theft Related Processes
• Free Consumer Reports – Fact Act, Public Records, File Disclosure
• Marketing Opt Out Program• File Freeze Compliance Program for:
– (NV - 10/05, NJ - 1/06, ME - 2/06)
• Consumer Verification (Manual/Smart Questions)• Customer Credentialing – Physically/Electronically• Mask Personally Identifiable Information (PII)• Eliminated support for Non-Sponsored Agents
5
Technology Solutions Implemented
• Password Reset using Biometrics (Voice Prints)
• US Internet Access Policy• External/Internal Server Scans• Eliminating contributions on Physical Media• Encryption (SSL, SFTP, PGP)
6
Selected Best Practices to Consider
• External E-Mail Scrutiny• Enhanced Network/Access Security Tools
– (Two Factor Login, IDS, IPS)
• Physical Office Security Review• Employee Security Awareness Program
7
External/Public Efforts
• Identity Theft Resource Center – www.idtheftcenter.org
• Privacy at ChoicePoint– www.privacyatchoicepoint.com
• Visits to Customers and Conferences
8
CSO Identity Theft Survey – 7/21/2005
Source: CSO Magazine Out of 389 CSO’s and senior Security Executives
• 58% - Identity Theft can be prevented• 29% - Will happen regardless of consumer
precautions• 74% - Both the consumer and lax security at
organizations was to blame• 16% - Due to an organizations failure to protect
data
