Keeping Current on Privacy, November 24, 2008

Presentation by Lauren Steinfeld, Chief Privacy and Institutional Compliance Officer to Penn Association of Senior and Emeritus Faculty (PASEF).

Joining Penn in 2002, Ms. Steinfeld brings to the University and the Health System a uniquely valuable portfolio of expertise and experience in privacy matters. She served as Associate Chief Counselor for Privacy at the Office of Management and Budget, Executive Office of the President. At the White House, she helped develop privacy policy for the Administration in the areas of medical records, financial data, online privacy, Social Security numbers, public record information, government records and others. Before arriving at OMB, Ms. Steinfeld served as Attorney Advisor to Federal Trade Commissioner Mozelle Thompson. As an advisor, she was involved in the legal and policy aspects of some of the first Internet- and privacy-related cases brought by the FTC. Ms. Steinfeld graduated Phi Beta Kappa and magna cum laude from the College at Penn in 1989 and received her J.D. from NYU School of Law in 1992.

A summary of her presentation follows.

Identity Theft - Protecting your Data

Identity theft is a relatively easy crime to commit, once a person has access to certain personal information:

• Social security numbers
• Credit card numbers
• Address
• Date of birth

Protect Yourself Offline

• Don't carry cards with social security numbers - theft of wallet can lead to ID theft
• Shred documents that are no longer need.
  • Employee resource fair - shredding truck for personal documents
• Question those who ask for your social security number.
• Challenge those who print full credit card numbers on sales slips.

Protect Yourself Online

• Run Spider or ID Finder to search for old social security numbers.
• Secure shopping - signs to look for:
  • https
  • Review pop-up warnings
• Blogging - do not share your birth date or address if not necessary.
• Phishing
  • Earlier forms
  • Current spear fishing threats
  • What to watch for - anti-phishing phil as educational tool (demo)

Safe Use of Technology

• Computer Security - How ID theft is occurring these days
• Key Stroke Logger + Credit Reports
  • Security suite - AV, firewall, patches
  • Wireless networks - keep them secure
  • Portable devices - major risk area
  • Password practices
    • Strength
    • Privacy
    • Do not save in cache

Identity Theft - Proactive Services

• Free credit report at
• Fraud alerts
  • 90 Day Initial Fraud Alerts - concern over ID theft
  • Extended Alert - 7 years - requires a police report
• Credit monitoring services
  • 3 CRAs and others offer this type of service
• Debix-type offering
  • strong product; more preventive
• Credit Freeze
  • Significant privacy protection but downsides as well

• Opting out of pre-approved credit offers - call 1-888-5-OptOut
• National Do Not Call Registry http://www.donotcall.gov
• Shredding Services
  • University Records Center assists in Penn operations

• Special Resource Page New on Privacy Website
• http://www.upenn.edu/privacy