Skip to main content

Author: Crown Information Managment

Crown Information Management is a “TOYS for TOTS” Official Collection Point

Crown Information Management will once again be a TOYS for TOTS Official Collection point this year. Our goal is to collect 500 toys! If you are one of our regular Route Customers you may give your toy donation to our service technicians.

The Toys for Tots Campaign collects new, unwrapped toys in the weeks leading up to Christmas by placing collection bins in local businesses, like Crown Information Management. Once the toys are collected, Toys for Tots distributes these Christmas gifts to less fortunate children in our community. Donated toys should be unwrapped. Toys are collected for all aged children from infants to teenagers. Often times, pre-teens and teenagers are left out, as they can be more challenging to shop for. Please keep these teenage boys and girls in mind while you do your holiday shopping.

The U.S. Marine Corps Reserve Toys for Tots program has helped less fortunate children experience the joy of Christmas by uniting communities in the spirit of giving. We Thank You in advance for your contribution!

Medical Identity Theft

Medical ID TheftIs Your Doctor Safeguarding Your Information?

Identity Theft – and Medical Identity Theft in particular – are on the rise. More than 250,000 Americans have had their medical information stolen and misused in recent years. And this isn’t petty larceny. Experts note that while individuals who have had their credit-card data stolen are usually wrangling with their banks over losses of as little as a few thousand dollars, medical ID theft can leave victims, and the doctors and hospitals that provided the care, staring at bills that are exponentially higher.
“The American Medical Association will continue its leadership in protecting the confidentiality, integrity and security of patient specific data,” said Robert Mills, spokesman for the American Medical Association in Chicago. “The patient is paramount in the practice of medicine and everything that can reasonably and lawfully be done to serve that interest must be done by all physicians who have served or are serving the patient”.
Law enforcement authorities say that more and more frauds are being perpetrated by organized crime rings who steal dozens, and sometimes thousands, of medical records, as well as the billing codes for doctors. The rings then set up fake medical clinics—offering free health screenings as a ruse to draw in patients—that submit bogus bills to insurers, collect payments for a few months, and then disappear before the insurers realize they’ve been had. Health records now fetch $50 to $60 each on the black market, vs. a mere 7 cents for stolen résumés.

Last year, California authorities busted a ring that recruited patients from a local senior citizen center with offers of a free checkup and a case of Ensure nutritional supplement. In the three months before authorities raided the clinic, the ring had billed $900,000 for diagnostic tests it had never performed. “Yesterday’s drug dealers are now working in today’s health-care fraud,” says John Askins, an investigator in Florida’s state insurance fraud division. “It’s more lucrative, and they don’t face the same dangers they do in the narcotics trade.” The penalties, if they’re caught, are lower, too.

Health-care providers say the Bush Administration’s initiative to push doctors and hospitals to convert their paper-based patient files into digital records should help reduce the number of medical ID frauds. “Our software has become more sophisticated, particularly in identifying spikes in usage—someone who normally goes to the doctor once a year and suddenly goes 25 times in a 12-month period. It’s a red flag,” says Byron Hollis, national anti-fraud director for the Blue Cross Blue Shield Assn., a trade group for 39 health plans.

But some privacy advocates fear that the rush toward digital health records could ironically create new nightmares for victims of medical ID theft. Rather than residing in a single doctor’s paper files, fraudulent information could circulate in other medical databases across the country. Given that some medical ID thefts are “inside jobs,” wherein rogue clerks sell patient data to fraudsters on the outside, privacy advocates believe that allowing data to flow more freely around a national network could make such thefts even easier. “they can expect [medical ID theft] to grow the more they move toward an electronic health-care system. It’s going to be a disaster,” says Dr. Deborah Peel, an Austin, TX psychiatrist and founder of the Patient Privacy Rights Foundation.

So what can the medical community do to help stop this nightmare and keep our reputations in tact? There are some very simple & inexpensive steps that can be taken to help safeguard the patients information and the Doctor’s reputation.

1) First, they can run criminal background checks on all employees and continue to run them on a routine basis.

2) Another simple thing they can do is take pictures of the patients. Digital cameras are inexpensive and the photo can be downloaded directly into the patients record. When the patient comes, in they simply match him to his patient identification that they have on file. If there is something that doesn’t quite match up then they can request more documentation from the patient.

3) Third, When it’s time to update the equipment, they can have the old computers and hard drives, etc. destroyed by a professional destruction service.

4) Another important thing they can do is to provide training for staff on records management and security. “I can’t tell you how many times I have walked into offices and found stacks of records just sitting on desks, open to anyone who walks by. Worse yet are the huge number of file boxes stacked and dated with information available to anyone who has access to the offices, such as a janitorial staff, or courier service, even other patients.” says Marylee Jacobs of CROWN SHREDDING. “ Simple training on how to manage the desk area and create new habits, could deter huge losses.”

5) Staff equipped with individual, secured desk consoles is one of the best ways to help companies manage their risk for identity theft. They spend large amounts of money on equipment for the office, such as computers and copiers – but because they have not established the habit of utilizing security consoles with document destruction services – they neglect the security of the patients, clients and customers, not to mention their own reputation! By not spending money on secure document destruction they potentially risk their practice.

Victim of Identity Theft?

What to do if you might be a victim of identity theft . . .

Those of us in the information security business talk about identity theft all the time. Identity Theft has risen 13% from 2010 to 2011. We thought it might be a good idea for our clients to have a check list of things to do if you feel you have become a victim. Remember: “THIS IS NOT LEGAL ADVICE”. It’s just a suggestion on where you can start when you feel victimized!

Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).

Fill out IRS Form 14039 and fax or mail back to IRS.

Contact the Social Security Administration ( If you go to their website they have an Identity Theft webpage). If you contact them by phone they will tell you to contact the Federal Trade Commission.

Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.

Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report. Make sure you put that police report in your Credit bureau file.

Contact one of the three credit bureaus:
Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at 888-397-3742.Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history along with your police report.

Individual Identity Theft

Individual ID Theft
During various season throughout the year, many of us will be traveling on vacations and to share holiday time with our friends and loved ones. We laugh, shop, eat, attend parties and do whatever we can to bring joy the trip!

Below are a few “Helpful Hints” to protect you and your family from becoming possible victims of Fraud or Identity Theft. Also remember that Children are often victims of identity theft too – so check those credit reports for everyone in the family!
Make the Call: If you’re traveling during vacations or holidays take the time to let your credit card companies know in advance.

Air Travel: When traveling by plane keep all important documents with you in the plane. Never put them in luggage others will have access to when you’re not around!

Secure Locations: Don’t use ATM’s from any location except banks and reputable stores. This will help protect you from temporary and fly by night machines set up to access your sensitive information.

Shoulder Surfing: Those who either purposely overhear conversations or look over shoulders for information to “borrow” sensitive information. Take a few extra moments to protect credit cards, driver’s licenses and checks from wandering eyes.

Credit Card Receipts: Businesses must now truncate all but the last five numbers on credit card numbers on the customer copy of receipts. Place that receipt in a secure location in your wallet.

Credit Card Skimming: Credit card skimming occurs when a clerk slides your credit card through a second machine that scans the information from the magnetic strip and stores it until it is downloaded onto a counterfeit card. The golden rule is “Out of sight, out of control.” Information Protection: Shred any receipts you no longer want, especially those with credit card numbers on them. Lock up any documents with financial, credit or social security information on them BEFORE allowing guests into your home for that holiday party.

Dumpster Diving: We all get more mail than we can deal with at this time of year. Take the time to look through each envelope. Don’t assume an envelope contains a business gift card or advertisement. It may well be a pre-approved credit card offer or transfer balance check that looks a greeting card.

On-line Shopping: Keep a printout of the web page(s) describing the item you ordered, any email messages, and the page that shows the seller’s name, address, telephone number and return policies should you have any problems. Never provide a social security number.

In Your Wallet: Minimize what you carry with you. Leave extra credit cards, check books, deposit slips and debit cards at home. Debit cards are not credit cards: They are a direct link to your bank account. Debit cards electronically transfer money immediately. Don’t use bank cards, ATM cards or checks. Fraudulent charges are much easier to remove from a credit card versus a bank card.

Victim of Identity Theft?

What to do if you might be a victim of identity theft . . .

Those of us in the information security business talk about identity theft all the time. Identity Theft has risen 13% from 2010 to 2011. We thought it might be a good idea for our clients to have a check list of things to do if you feel you have become a victim. Remember: “THIS IS NOT LEGAL ADVICE”. It’s just a suggestion on where you can start when you feel victimized!

Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).

Fill out IRS Form 14039 and fax or mail back to IRS.

Contact the Social Security Administration ( If you go to their website they have an Identity Theft webpage). If you contact them by phone they will tell you to contact the Federal Trade Commission.

Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.

Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report. Make sure you put that police report in your Credit bureau file.

Contact one of the three credit bureaus:
Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at 888-397-3742.Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history along with your police report.

Corporate Identity Theft

Corporate ID TheftYou and your staff work hard at meeting all the compliance requirements for HIPAA. It would be easy to forget that as a business you also are required to be FACTA compliant as well. FACTA stands for Fair and Accurate Credit Transaction Act. It is generally known as the law which allows Americans access to their credit report once per year. So what could this law possibly have to do with you?

Whether you have 1 employee or 1 million, the liabilities associated with the privacy laws apply to your business. If you’re not keeping up it could destroy your bottom line. In 2006, the VA had 1.6 million records stolen. Fallout from that one incident led to the end of many careers and the individuals whose records were compromised have the right to sue for financial damages.

That’s a lot of lawsuits and even more money. As businesses, we can no longer afford to be lax about protecting our customers’ personal information – and our own. Business identity theft, like personal identity theft, is also rising significantly.

What can Businesses Do to Prevent Identity Theft?
First, to prevent identity theft, we need to follow basic security practices to physically protect our customers’ personal information and other business data. Second, we need to ensure that our information systems, such as computer networks, aren’t open targets for identity theft.

Secure your business premises with locks and alarms.
Alarm systems are effective deterrents to criminals thinking of breaking into your business, including those persons intent on identity theft – especially alarm systems that are monitored by a security company. Make sure external doors have deadbolts and that exposed windows are secured with security film, bars, screens or shatter-proof glass.

Put your business records under lock and key.
Store your physical business records, such as customer records and other data on paper, in locking filing cabinets – and lock the filing cabinets at night, or at those times during the day that you and your staff will not be “supervising” access (such as lunch time). Put copies of system and database backups and “important” business data in your safe (or in your security deposit box at the bank if you don’t have an on-site safe).

Shred, Shred, Shred!  
Business records of any kind should never just be tossed into the trash or recycling bin where they can become a bonanza for criminals intent on identity theft; instead, all business records that you no longer have a use for should be shredded. Businesses that operate out of small and home offices can buy inexpensive shredders at any office supply store; for businesses with volumes of material to be disposed of, there are shredding services that will come and do what needs to be done.Pay special attention to the mail, a favorite source for identity theft. Anything that has your name and address on it should be shredded, and that includes most bills.

Be cautious on the phone.
It’s easy for someone to pretend to be someone they’re not on the phone. Whether it’s someone who wants personal information on a particular customer, or someone who claims they need to verify one of your personal accounts, don’t give out information over the phone unless you can positively confirm the caller’s identity.
The Better Business Bureau warns “Information thieves and stalkers tell authorities over and over how easily they were able to obtain all sorts of valuable information simply by calling small business owners or personnel departments and asking. Posing as government agencies or credit grantors or health insurance providers, these thieves have found that a well-crafted, believable story can often get past the best locking file cabinets or password-protected computers,”

Limit access to your computers.
Your computer network needs to be password protected, of course, so that anyone who wanders through your office can’t just access your network. But you also need to consider issues of internal network access. Does every employee need to be able to access programs or databases that may contain sensitive information? Passwords protect these, too, and grant access on a “need-to-know” basis to help cut down identity theft.

Protect your computer from hackers.
Hacking into company systems and databases appears to have become a favorite identity theft technique – perhaps because in so many cases, it’s so easy. Your computer network needs to be protected by firewalls, which help keep out intruders by shutting out unauthorized people and letting others go only to the areas they have privileges to use. You can purchase firewalls at any computer store (or online). Another option for small or home businesses is to purchase and install a small (four to eight port) router. These often have firewall protection capability. If you’re running Windows operating systems, it’s also important that you keep your operating system updated, installing the various patches as they come out. Often these patches are fixes for security holes. (If you use Windows XP, you will be alerted automatically to these updates.)

Be aware the Internet is a dangerous place.
Ordering something off the ‘Net using a credit card is not dangerous, as long as you are placing your order through a secure site. However, there are other dangers, such as Spy ware and viruses that attempt to download automatically when you or your employees visit certain sites. If you are using Internet Explorer, make sure that you go to “Internet Options” and set the security options to a higher setting on each computer; the default is set to allow just about anything to download.
If your company has a web site, be careful as to what kind of information you post on your site and how. If you are going to place sensitive information on the ‘Net, (something you should be very cautious about), such as financial data or customer databases, it needs to be password protected and encrypted.

Avoid broadcasting information.
The other day I made a purchase at a computer store. The associate asked me for my phone number and popped up all my personal information on a terminal in front of him – right in plain view of five other customers! I was tempted to ask him if he wanted to read it all off out loud to make it even easier for them all to remember it.
This sort of cavalier sharing of personal information, which makes identity theft so easy, has to stop. Train your employees to be sensitive to customer information issues, making sure they keep customer information private when they’re dealing with individual customers. Turning computer screens so that they can’t be viewed by anyone except the operator is a simple thing. Practices such as not repeating customer information out loud or not leaving files with customer information lying open on counters should also be put in place.

Create and enforce a company wide security policy.
The purpose of your security policy is to educate your employees about issues such as identity theft and data protection. It should include information on email policies (such as what email filters are in place and how to deal with suspicious email), computer network access, Internet use policies (such as how to increase browser security settings and safe practices, such as disconnecting from the ‘Net when they’re done using it), customer information protection strategies, and how to report incidents or violations. In other words, a manual of the issues involved with security and threats such as identity theft and what to do about them.

Disconnect ex-employees immediately.
When employees no longer work for your business, you need to be sure that their access to your computer network and company data is cut off immediately.
Will all this create more trouble and expense for your small business? Yes. But unfortunately, with identity theft becoming rampant, taking these steps to prevent identity theft for you and your customers is necessary.

Victim of Identity Theft?

What to do if you might be a victim of identity theft . . .

Those of us in the information security business talk about identity theft all the time. Identity Theft has risen 13% from 2010 to 2011. We thought it might be a good idea for our clients to have a check list of things to do if you feel you have become a victim. Remember: “THIS IS NOT LEGAL ADVICE”. It’s just a suggestion on where you can start when you feel victimized!

Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).

Fill out IRS Form 14039 and fax or mail back to IRS.

Contact the Social Security Administration ( If you go to their website they have an Identity Theft webpage). If you contact them by phone they will tell you to contact the Federal Trade Commission.

Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.

Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report. Make sure you put that police report in your Credit bureau file.

Contact one of the three credit bureaus:
Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at 888-397-3742.Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history along with your police report.

Defining a Business Record and Developing a Records Management Framework

Since we are starting a new year, I thought it might be nice to start with some information helpful to creating a records management system. Since information is the most import asset an organization has, the beginning seemed like a great place to start.

The International Standard on Records Management defines records as such:
ISO 15489: “information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business”.

This definition makes it clear that we are not just talking about our old archival records but about everyday information that we create in our work situations. This information may take several forms and include audio files, photographs, video, emails, and any form of social media.

ARMA International has created a framework referred to as “The Principles” which are generally accepted recordkeeping principles. These guidelines were examined by legal and IT professionals who reviewed and distilled global best practice resources. These included the international records management standard ISO15489-1 from the American National Standards Institute and court case law. The principles were vetted through a public call-for-comment process involving the professional records information management (RIM) community.

This framework supports organizations immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.

The Principles have eight points for creating information governance best practices:
Principle of Accountability – An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel and ensure program audit ability.
Principle of Transparency – The processes and activities of an organization’s recordkeeping program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties.
Principle of Integrity – A recordkeeping program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability.
Principle of Protection – A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.
Principle of Compliance – The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.
Principle of Availability – An organization shall maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information.
Principle of Retention – An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational and historical requirements.
Principle of Disposition – An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by laws and organizational policies.

10 Million Fell Victim To ID Theft in 2002

Comprehensive government study of identity theft turns up . . .

WASHINGTON DC – Even federal regulators were surprised by what the most comprehensive government study of identity theft turned up: nearly 10 million victims and a loss of $53 billion for businesses and consumers last year alone. And those numbers probably are low because many identity thefts go unreported, Federal Trade Commission officials said Wednesday.

It is a crime of the times. It is a growing crime, said Howard Beales, the FTC’s consumer protection director. “Unfortunately, a fair number of thieves have found it’s a fairly easy way to make money.” The FTC did a random telephone survey of 4,057 adults to try to gauge the extent of identity theft crimes in the last five years. It found 27.3 million people were victimized when someone made unauthorized charges on their credit cards, took money from their bank accounts, or obtained a credit card or official document in their name.

In 2002 alone, the cost was $48 billion for businesses and $5 billion for consumers. Beales said the number of victims was higher than he expected. In 2002, for example, the FTC received 161,819 complaints about identity theft. The commission has set up a Web site with tips on how to avoid identity theft, www.consumer.gov/idtheft and urges consumers to carefully review their credit card statements each month, destroy charge slips rather than simply throw them in the trash, and check their accounts annually with the three credit reporting bureaus. |

The agency also urged financial institutions to pay more attention to whom they are extending credit. Wayne Abernathy, the Treasury Department’s assistant secretary for financial institutions, said the FTC’s report underscores the need for Congress to act. The Bush administration favors legislation that would create a national fraud alert system and improve the accuracy of credit reports. “The problem is so great and its impact on consumers so terrible that we should not delay giving consumers and law enforcers these important new tools to fight identity theft,” he said.

But Rob Schneider of Consumers Union said the administration backed bill- the Fair Credit Reporting Act – would undermine efforts to curtail identity theft. One provision would invalidate state laws such as on recently signed by California Gov. Gray Davis that lets consumers bar companies from sharing information with an affiliated firm in a different business.

The FTC survey found more than half the victims discovered the problem by checking their accounts, and another quarter was alerted by their banks to suspicious activity on their cards. Of the 9.9 million victims last year, 5.2 million discovered unauthorized charges on existing credit card accounts, and 1.5 million found new accounts were opened by others in their names.

By Jonathan D. Salant,  Associated Press

Law Firm Dumps Confidential Files

1000’s of abandoned confidential client files found in public garbage bin . . .

FORT MYERS, FL – A defunct law firm abandoned tens of thousands of confidential files containing personal information on their clients for years until a landlord threw them in a public garbage bin, a local television station is reporting.

Attorneys for the former firm of Annis, Mitchell, Cockey, Edwards and Roehn, abandoned the files after their firm closed. Ten thousand files of closed cases – ranging from divorces to sexual harassment – ended up in the hands of a reporter for WBBH, the television station reported. The files have since been turned over to a local attorney who was formerly employed by Annis Mitchell. The majority of the files remain in the landlord’s possession.

The firm had offices in Tampa, Fort Myers, Naples and Tallahassee before it was dissolved in 2001. A company that was formed as a remnant of the firm has since declared bankruptcy and an order in the bankruptcy case made each Annis Mitchell attorney responsible for their client’s files. “With identity theft the way it is, everything concerns me,” said former client Howard Wheeler, who hired the firm for a number of cases and whose files ended up in the garbage bin.

“It’s totally irresponsible,” said Herb Donica, the firm’s own bankruptcy attorney. “I can’t imagine why those files aren’t protected.”
The TV station reported in broadcasts Friday that the landlord of the former law offices repeatedly contacted the firm’s partners over the past two years asking them to pick up their files. The attorneys only took active files with them, George Vukobratovich told the station. Vukobratovich threw the files out when he finally had to make room for new tenants. The TV station said it was given files marked “confidential” The station said it told former Annis Mitchell attorneys it had the files more than a month ago, but still none of the attorneys tried to get them.

Elizabeth Tarbert, an ethics lawyer for the Florida Bar Association, said attorneys have to protect client files, even if the case is no longer active. The Florida Bar advises attorneys seeking to dispose of closed files to first contact their clients and ask them what they want done with the documents. If the files are to be disposed of, it needs to be done in a way which protects confidential information, such as shredding.

Associated Press

1.9 million Job Losses in 2008

Businesses become victims of financial and non-financial identity theft . . .

In hard economic times, the likelihood of businesses becoming victims of financial and non-financial types of identity theft rises.  One of the most well-known business and corporate identity theft schemes is standard electronic data breaks, or hacking, to retrieve a customer’s personal identification and information.  But new trends include the theft and exposure of sensitive information by an employee of the company, and the abuse of a business’s line of credit by employees in order to purchase merchandise that is then resold.

To avoid such theft and fraud, businesses should identify privacy officers or assemble a team to enforce the rules regarding sensitive customer and employee information.  Businesses should also ensure all electronically stored information is safe.  Educate employees on identity theft and fraud, and the risks they can expose the company to just by visiting web sites, replying to e-mails from unknown senders, and shopping online at work!

It’s On eBay

An easy way for identity thieves to make a living . . .

Kessler International, a New York computer forensics firm conducted a six month study on the availability of information left on computers being resold. The company bought a total of 100 disk drives of various sizes from eBay and what they found was alarming – over 40 of the hard drives had retrievable information on them!
The breakdown of information is as follows:
Personal and Confidential documents, including financial information 36%
Emails 21%
Photos 13%
Corporate Documents 11%
Web Browsing History 11%
DNS Server Information 4%
Miscellaneous Data 4%

Many companies have recycled their old computers and hardware, without thinking about the repercussions of identity theft. They have no system in place that documents the destruction of the information. During tough economic times this becomes an even greater risk both to the company and the contacts of the user of each individual computer. Buying a used computer has now becomes one of the easy ways for identity thieves to make a living.