NC Identity Theft Act: Short Summary
North Carolina passed the Identify Theft Protection Act of 2005 in December 2005. Although this act is focused on protecting financial information, it also addresses the protection of personal information that can be used to gain access to that information. Due to this fact, the university falls under this legislation. Below is a summary of the major impact:
- Social Security Numbers (SSNs) may not be transmitted over the Internet in unencrypted form.
- SSNs may not be used for authentication without other identifying information.
- SSNs may not be printed on any material mailed to an individual unless specifically required by federal law.
- Individuals must be notified of security breaches when there’s a reasonable likelihood that their “identifying information” has been compromised.
- Identifying information covers a wide range of data, including SSNs, bank account numbers, driver’s license numbers, biometric data (fingerprints), passwords, and parent’s legal surname prior to marriage (often used by financial institutions as a form of authentication).
- A violation of this act can result in significant monetary damages, exposure of personal information that could result in damages to the individual, and security breaches that could tarnish the reputation of the university.
For additional resources for protecting sensitive data, refer to Guidelines to Protect Sensitive Data and Safe Computing Guidelines.