IAPP-GDPR Web Banners-300x250-FINAL

New Identity Theft Scam Targets Executives
Debix, the Identity Protection Network, is warning corporate executives to be aware of identity theft specifically targeted to them.

Debix, joined by LooksTooGoodTo BeTrue.com, a Web site funded by the United States Postal Inspection Service, the Federal Bureau of Investigation and the Merchant Risk Council, are advising executives and businesses to take precautions to prevent fraudsters from accessing their lines of credit by stealing the identity of their business executives.

Working with industry and law enforcement, the groups have found a scam in which an ID thief defrauds businesses by stealing the identity of a business executive at a publicly traded company, where personal information such as date of birth, address and phone number are easily accessible in public records. The fraudster then applies for a new credit account at an online retail store in the name of the company and uses the executive's information as a personal guarantee.

The fraudster then orders costly equipment, such as computers, which would quickly deplete the credit line. By the time the retailer sends the delinquent account to collections, the criminal has moved on to the next victim.

"Because these are business lines of credit, often in excess of $20,000, the fraud losses are quick and substantial," said Julie Fergerson, VP of Emerging Technologies at Debix and Co-Founder and Board Member of the Merchant Risk Council. "The good news is executives and business can both take simple steps to protect themselves."

Debix and the Merchant Risk Council, a non-profit organization dedicated to helping merchants prevent fraud, recommend that executives place a fraud alert on their credit files. After a request is made for credit, the creditor would be required to contact the telephone number placed in the executive's credit file before issuing new lines of credit.

Class Action Lawsuits Cropping Up Over Credit Card Receipts
Companies that collect or process credit cards should be aware of a new set of lawsuits related to the printing of credit card numbers on receipts, advises Kirk J. Nahra, CIPP, of Wiley Rein LLP and Editor of The Privacy Advisor.

In a recent communication, Nahra informed clients that a new series of class action lawsuits - brought primarily in California, but expanding around the country - stem from section 1681c(g) of the Fair Credit Reporting Act, a new requirement from the Fair and Accurate Credit Transactions (FACTA) law that prohibits the printing of full credit card numbers on receipts.

Plaintiffs' class action lawyers are taking the position that FACTA permits statutory damages of up to $1,000 per willful violation of the law, as a means of attempting to avoid more common problems related to a lack of damages in certain privacy and security cases.  

The Bureau of National Affairs reports that more than 100 of these suits have been filed in California. A limited number of cases have been filed in other states.

While these suits are new, there has been one early decision testing part of this theory. In a case involving Ikea (Eskandari v. Ikea U.S. Inc, C.D. Call. No. 8:06-cv-01248-JVS-RNB (March 12, 2007), the court issued the first decision in this area, ruling on Ikea's assertion that the Fair Credit Reporting Act did not create a private cause of action for violation of this FACTA provision. The court, in a brief decision, held that the "plain language" of the statute "provides a private right of action for consumers." Accordingly, while this is only the first step in what is likely to be a much more significant battle, the court has allowed this case to go forward.

Companies should review promptly their policies related to credit card receipts, Nahra said. They also should begin to review more aggressively the overall requirements of the FACTA law, including such broadly applicable provisions as the "disposal rule" related to the disposal of consumer report information.

Richard Thomas Reappointed as UK Information Commissioner
Richard Thomas has been reappointed to a second term as Information Commissioner for the UK. Thomas' current five-year term expires in Nov-ember 2007, after which he will serve another two years until June 2009.

"I am obviously very pleased to be asked to continue for the next two years," Thomas told the IAPP. "It is a real privilege to lead the ICO and a very satisfying and rewarding role to ensure that both Freedom of Information and Data Protection are being taken seriously and bring real benefit to the public. I have also very much enjoyed my contact with the international privacy and data protection community and look forward to this further period of cooperation."

Thomas was a keynote speaker at the IAPP Privacy Summit 07 in Washington, D.C. His previous career has included serving as Director of Public Policy at Clifford Chance (the international law firm), Director of Consumer Affairs at the Office of Fair Trading, Head of Public Affairs and Legal Officer at the National Consumer Council and Solicitor with the Citizens Advice Bureau Service. He also has held various public appointments, including membership of the Lord Chancellor's Civil Justice Review Advisory Committee and the Board of the Financial Ombudsman Service.

Most Trusted Companies for Privacy Receive Accolades
TRUSTe and the Ponemon Institute have announced the results of the 2007 Most Trusted Companies for Privacy Study, an annual evaluation of how consumers perceive organizations that collect and manage their personal information. The study ranks companies and federal agencies by industry and compile a list of the overall top performing companies.

For the second year in a row, American Express was rated the top company for privacy trust, followed by Charles Schwab and IBM. Last year's top three were American Express, Amazon and Procter & Gamble. Previous years' winners have included E-Loan, Hewlett-Packard and eBay.

The survey is a Web-based study that gathers information from participants over a six-week period, which ended in February 2007. Responses related to more than 200 companies were analyzed and ranked.

"The Most Trusted Companies for Privacy Study is one of the most interesting and important studies of the year as it gives us a picture of how the public's perceptions change from year-to-year and how different companies respond to evolving privacy challenges," said Larry Ponemon, CIPP, Chairman and Founder, Ponemon Institute. "While we read the bad news in the headlines, it is clear that there are many companies that have put on the mantle of privacy leadership, and that are setting a stellar example for others to follow with their superlative privacy and data security programs."

The executive summary and survey results can be found at www.truste.org/ pdf/2007_Most_Trusted_Companies.pdf.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»