Identity Theft Gramm-Leach-Bliley Act
Identity Theft Gramm-Leach-Bliley Act presents a challenge to businesses, organizations, and governments, including the Internal Revenue Service. The IRS meets the challenge of tax-related identity theft and is making progress against it with an aggressive strategy of prevention, detection and victim assistance.
Tax-related identity theft remains a top priority. Tax-related identity theft occurs when someone uses a stolen Social Security number to file a tax return to claim a fraudulent refund. A taxpayer’s SSN can be stolen through a data breach, a computer hack or a lost wallet. Although identity theft affects a small percentage of tax returns, it can have a major impact on victims by delaying their refunds.
Here are some tips to protect you from becoming a victim, and steps to take if you think someone may have filed a tax return using your name and Social Security number:
Tips to protect you from becoming a victim of identity theft
- Don’t carry your Social Security card or any documents that include your Social Security number (SSN) or Individual Taxpayer Identification Number (ITIN).
- Don’t give a business your SSN or ITIN just because they ask. Give it only when required.
- Protect your financial information.
- Check your credit report every 12 months.
- Review your Social Security Administration earnings statement annually.
- Secure personal information in your home.
- Protect your personal computers by using firewalls and anti-spam/virus software, updating security patches and changing passwords for Internet accounts.
- Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with.
Steps for Victims of Tax-Related Identity Theft
- All victims of identity theft should follow the recommendations of the Federal Trade Commission: File a report with the local police.
- File a complaint with the Federal Trade Commission at www.consumer.ftc.gov or the FTC Identity Theft hotline at or TTY 866-653-4261.
- Contact one of the three major credit bureaus to place a “fraud alert’ on your account:
- Close any accounts that have been tampered with or opened fraudulently.
Graham-Leach-Bliley [“GLBA”] Act Provisions
The Gramm-Leach-Bliley Act put several major requirements into place to govern the collection, disclosure, and protection of consumers’ nonpublic personal information or personally identifiable information (PII).
Financial Privacy Rule
This rule requires financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter. The privacy notice must explain the information collected about the consumer, where that information is shared, how that information is used, and how that information is protected. The notice must also identify the consumer’s right to opt out of the information being shared with unaffiliated parties pursuant to the provisions of the Fair Credit Reporting Act. The unaffiliated parties receiving the nonpublic information are held to the acceptance terms of the consumer under the original relationship agreement. Identity Theft Gramm-Leach-Bliley Act
This rule requires financial institutions to develop a written information security plan describing its processes and procedures for protecting clients’ NPI. Covered entities must construct a thorough risk analysis on each department handling the nonpublic information, as well as develop, monitor, and test a program to secure the information. If there are changes in how information is collected, stored, and used, the safeguards must be updated as well. The Federal government provides a set of standards for safeguarding customer information.
Security requirements for GLBA
Section 501 of the GLBA, “Protection of Nonpublic Personal Information,” requires financial institutions to establish appropriate standards related to the administrative, technical, and physical safeguards of customer records and information. The scope of these safeguards is defined in the GLBA Data Protection Rule, which states that financial institutions must:
- Ensure the security and confidentiality of customer data
- Protect against any reasonably anticipated threats or hazards to the security or integrity of such data
- Protect against unauthorized access to, or use of, such data that would result in substantial harm or inconvenience to any customer