|
|
Pataki Signs Bills to Thwart ID Theft By
Forrest Whitesides “As all New Yorkers come to rely heavily on the Internet in their daily lives, we must exercise all possible avenues to ensure the safety and privacy of our consumers and protect them from identity fraud,” Pataki stated in the announcement of the bills’ passage into law. “These three laws make certain that New Yorkers have additional tools to combat those wishing to take advantage of them and their families.” Disposal of Personal Records Law Perhaps of most interest to CPAs and other financial professionals is the Disposal of Personal Records Law, which requires any business to “properly dispose of records containing personal information” to ensure that unauthorized person do not have access to the personal information of clients and consumers. The law provides a definition for what the state deems as “proper” disposal of personal information by a business and also specifies what types of information qualify as “personal identifying information.” According to the bill, proper disposal is defined as any method that “shreds the record before the disposal of the record; or destroys the personal identifying information contained in the record; or modifies the record to make the personal identifying information unreadable; or takes actions consistent with commonly accepted industry practices ... [that] will ensure that no unauthorized person will have access to the personal identifying information contained in the record.” For the purposes of the law, “personal information” is defined as any information “concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.” In relation, “personal identifying information” includes personal information (as previously defined) in combination with the following: Social Security Number, driver’s license number or nondriver identification number, mother’s maiden name, financial services account number or code, or debit card or ATM card number or code. Failure to comply with this law carries a civil penalty of up to $5,000. No proof of damage or injury of any person as a result of violating the law is required in order for a court to asses the penalty. “I think this is a great law in concept,” said William H. Jones, chair of the NYSSCPA’s Taxation of Individuals Committee. “However, no amount of legislation can ensure that a company’s internal policies for data disposal are being followed by the employees. Effective management is the only way to do that. “On the upside, it really seems like Albany is staying ahead of the curve in terms of identifying what the problems are and trying to stay proactive,” he said. Jones said that he does not think that the Disposal of Personal Records Law will cause a wave of change in the CPA profession, because CPAs, as a matter of professional protocol, already are focused on the protection of their clients’ data. “If all businesses were as serious and meticulous about their clients’ privacy as the CPA profession, we probably wouldn’t need laws like these,” he said. Security Freeze Law The Security Freeze Law allows New York consumers, who either are identity-theft victims or are concerned that they might be at risk of having their identities stolen, to curtail outsider access to credit accounts, loans and leases by placing a hold (or “freeze”) on their consumer credit report. In order to enact the hold, consumers must send a written request to a consumer credit-reporting agency by certified or overnight mail and be able to provide proof of identity. Consumers would then be permitted to remove the hold entirely, lift a freeze for specific period of time, or grant a specific party access to their report. Anti-Phishing Act of 2006 The third new law, the Anti-Phishing Act of 2006, prohibits the “deceptive solicitation of personal information through electronic communications.” Under the new law, Internet service providers, affected trademark holders or the New York State Attorney General are authorized to bring an action to recover the greater of actual damages or $1,000 per incidence of violation of the law. Treble damages are also allowed when the court finds that a person has engaged in a pattern and practice of phishing, according to a press release issued by Pataki’s office. Additional Information Pataki signed the three bills into law on June 9, and they are set to go into effect in December of this year. For more information on the new laws, visit the governor’s Web site at www.ny.gov/governor/. The full text of the bills are available on the New York State Senate Web site at www.senate.state.ny.us. |
Print