I have Anthem. What should I do?

Cartoon by Gary Varvel

So since the Anthem data breach occurred, several people who either currently have or have had Anthem coverage have asked me what they should do.  To the best of my knowledge, Anthem has not yet sent out any notification letters informing individuals that their specific information was breached.  But, Anthem seems to know the universe of individuals whose information may have been compromised, and this is what they are using to notify the general public about the scope of the breach that has occurred. Anthem has set up a website to provide information about what happened and what data may have been compromised. For the time being, they are saying that if you are or have been a client of Anthem’s affiliated health plans and/or a member of other independent Blue Cross and Blue Shield plans in the last 10 years (essentially since 2004), you may be impacted.  Many companies who offer insurance through Anthem have posted links or emailed their employees about the fact that the breach occurred.  For my colleagues here at UConn, you may have seen that Kevin Lembo, the Comptroller for the State of Connecticut, has posted a notification to State Employees about the breach on the Office of the State Comptroller’s website.

So back to my post from yesterday:  I have just learned that my information may have been compromised in the Anthem Breach; what do I do?  Well, first I would start with Anthem’s informational website they created about the breach.  Anthem is offering an option for individuals who may have been impacted by the breach to protect themselves for the next 24 months (and some of the services carry over beyond 24 months depending on what you choose to do).

More information about what Anthem is offering through AllClear ID can be found here. But to get you started, AllClear ID is offering a couple of different options to those impacted by the Anthem breach:  AllClear Secure and AllClear PRO.  The services are very different.

So should you consider the services offered through AllClear ID?  Is AllClear ID reputable?  Is taking a wait-and-see approach and using AllClear Secure if you find your identity has been harmed later the right approach? What about the fact that you would have to give AllClear ID your social security number to enroll in AllClear PRO?

Enrolling in services such as those provided by AllClear ID is a personal choice.  If you are not opening up new credit any time soon (i.e., buying a car, opening a credit card, buying a home), you may be comfortable waiting or monitoring your credit on your own. If you are going to be opening up new credit, or do not want to monitor your credit on your own, you may want to consider AllClear PRO as an option.

Yes, AllClear ID is a known entity.  They have handled numerous of the large breaches.  In full disclosure, they are the vendor that UConn has used when we have had data breaches in the past. There are certainly other reputable companies in the marketplace that offer credit monitoring and/or identity repair services.  Your bank and credit card companies likely offer services as well.  Again, how you personally monitor your credit and your own sensitive information is a personal choice.

BUT, be aware that there are also scam artists out there looking to further take advantage of the vulnerability you are now feeling.

So here are my suggestions:

  1. Read the notifications you receive from your employer, on Anthem’s general breach information websites and should you receive one, direct notification to you from Anthem.
  2. Read the options that Anthem is offering through AllClear ID.  Call AllClear ID at 877-263-7995 and ask questions of their advisors if you feel you need more information about the services available.
  3. Think about your own personal situation.  Decide what (if any) sort of credit monitoring, protection, insurance and/or assistance might be useful for you.
  4. And again, going back to my blog post from yesterday, visit the Federal Trade Commission’s (FTC) identity theft information page, the Better Business Bureau, your State’s Attorney General (here is Connecticut’s) or Consumer Protection agencies, and the credit bureaus (Experian, Transunion, Equifax) for more information and other options to assist you.

Stop! Thief!

thiefcard  thiefphone  thieflicense

If you are or were a customer of Anthem, identity theft is probably on your mind right about now.  I’ll have more on the Anthem data breach later, but for now, it might be a good idea to revisit a Blog entry I originally published in January of 2013.  Here is an excerpt with some practical tips about protecting your sensitive personal data that might be of particular interest to identity thieves.

Taking Care of Your Personal Information

What can you do to diminish the chances that you will become the victim of identity theft?  Here are some pointers:

  • Watch out for imposters!  Make sure you know who is asking for your personal or financial information and why they are asking for it. Don’t give out personal information on the phone, through the mail or online unless you’ve initiated the contact or know who you’re dealing with.
  • Manage your records.  Do not keep paper or electronic records that contain sensitive personal information longer than you need to.  Make sure you store your records that contain sensitive personal information in a secure location.
  • Properly dispose of paper records.  When disposing of paper records, do not throw documents with personal information on them in the trash.  Shred, shred shred!
  • Clear your mobile device before you get rid of it.  Before you dispose of a mobile device (such as your smartphone) check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device properly.
  • Encryption as a tool.  Consider encrypting files or even computer hard-drives that contain sensitive information.
  • Update security features.  Make sure that you update security and antivirus features and install patches on your computer regularly.
  • Monitor your credit.  Monitor your credit with each of the 3 major credit bureaus.  Federal law requires nationwide consumer reporting companies to provide you with a free credit report, at your request, once per year.
  • Password protection.  Protect your password the same way you would protect other sensitive personal information about yourself.  Create complex passwords and have different ones for each account if possible.  Do not share you passwords with anyone.
  • Do they really need my SSN?  Think twice (or 3 times!) before you give out your Social Security Number. If someone asks you to share your SSN, ask that person why they need it, how it will be used, how they will protect it, and what happens if you don’t share it with them.
  • Be wise about Wi-Fi.  Before you send personal information over your laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel or other public place, see if your information will be protected.
  • How social should I be?  Do not overshare on social networking websites.  Avoid posting personal information, such as your birth date or address.  Also consider how much you post about your life.  Identity thieves can use what you post to answer common challenge questions on your accounts, such as your credit card.
  • Think you might be the victim of identity theft?  Want to be prepared just in case?  The Federal Trade Commission, the Identity Theft Resource Center and staysafeonline.org provide excellent information regarding what to do if you become a victim of identity theft.

I’m back. Did you miss me?

After a brief hiatus, the UConn Privacy Blog is back.  Did you miss me?

Back from Hiatus
Image borrowed from https://toothybooks.wordpress.com

I thought, since I am refreshing this Blog, that I would remind you why I started it in the first place.  Here’s flashback to my very first post.

So why restart this now?  Well, a lot is going on in the privacy and data security world as we begin 2015.  Big Data, big breaches, living in the cloud, MOOCs, drones, wearable technologies and the Internet of Things.  I have thoughts.  And my colleagues out there in the privacy and data security world have thoughts.   It seemed like as good a time as any for me to time to start this Blog back up to share those thoughts and provide you with links, tips and other useful information about all-things-privacy going on around us in higher education where I sit, but also in this world around us that seems to be getting smaller and more interconnected, but more complicated in terms of managing expectations and personal control about us and our information all at the same time.  Man, that’s a mouthful!  Hopefully in revitalizing this Blog, I’ll be able to break down these issues and more.


So the long-and-short of it, I’m back at this Privacy Blogging Thing!  And just in time for Data Privacy Day.  I’ll have more on that tomorrow.

Have any topics you’d like to see me talk about? Interested in guest blogging or sharing your thoughts on Privacy, Data Security or Records Management?  Let me know.  I would love to hear from you.


“Ok, Glass.”

Image borrowed from marketingland.com.

Have you heard about the new Google Glass?  Basically Google has created these new glasses with a teeny-tiny screen that works much like your smartphone.  You can take photos and video, upload to social media sites, respond to texts, run Google searches, ask for and view directions — and all of this right in front of your eyes at all times and commanded by the simple phrase, “Ok, Glass….”  This the-future-is-here-now concept is being tested by tech bloggers, developers and what Google calls “explorers” around the country as I write this blog entry.  Look for folks walking around with them on in a city near you!  Here’s a review of the product from one guy who gives his take on his “First Day of Being a Glasshole.”

There is lots of chatter out there about both the coolness and simplicity of the new technology and how odd the glasses look.  Saturday Night Live has even gotten in on the action.  (This skit made me laugh out loud!)  But more importantly, one of the broader discussions has been about the privacy implications of the Google Glass concept.  As the technology and design improves, will we even know when someone is wearing these sorts of glasses, or what they are recording and then posting on Facebook or Twitter with the simple nod of their head?

Borrowed from t324.com ‘s blog entry, “Will we ignore privacy concerns for the convenience of Google Glass?”

Granted, the concept is really cool, but how do you feel about these gadgets being worn in places where you might otherwise expect some privacy, like a locker room or restroom?  Just how different is this technology from someone using their smartphone surreptitiously to do the same thing?  Apparently different enough that the glasses have already been banned from some bars and from some Las Vegas casinos (though this doesn’t come as a surprise, does it?).  What about when Google Glass invades the classroom?  Will schools be ready to deal with the potential issues the glasses raise in educational environments?  Or will they become the latest high-tech teaching tool?

The Wall Street Journal’s article “Google Glass: An  Etiquette Guide” gives some insight into the technology and provides tips for social etiquette for Google Glass wearers.  What do you think?  Will you be Gaga for Google Glass?  And if so, will you use your new powers responsibly?

Privacy Awareness Week



It’s Privacy Awareness Week in Asia (April 28-May 4).  Check out the great information on the Privacy Awareness Week webpage.  The site has lots of resources and links from around the world, as well as tips and practical advice.  Check out this test you can take to determine how aware you are about risks of Identity Theft.  I’m also a big fan of the poster they created to show just how changes in technology have also increased our privacy risks.  Happy Privacy Awareness Week!

Privacy, Security & Compliance: Strange Bedfellows or Marriages Made in Heaven?

Photo Credit: EDUCAUSE

Well, it is February.  Data Privacy Month has come to a close.  I want to than everyone who participated in UConn’s Data Privacy Month initiative, and who took the time to read this blog and my posting in other places, like UConn’s Daily Digest and on Facebook over the course of the month of January.  It is wonderful to have a full month to focus on privacy initiatives and best practices, but at all businesses, including institutions of higher education, the work goes on year-round.  Using Data Privacy Month as a jumping-off-point, I’m going to continue posting great articles, pointers, videos and best practice resources throughout the year.

So here’s the first post for February:

Two of my higher education colleagues, Michael Corn (University of Illinois at Urbana-Champaign) and Jane Rosenthal (University of Kansas) recently wrote a great article for the EDUCAUSE Review about the interplay of the roles of privacy, security and compliance professionals in university environments. Take a look!


Around the Water Cooler


Ever wonder what privacy officers in higher education think about?  Here’s your opportunity to find out.  Today EDUCAUSE is hosting its final webinar of Data Privacy Month entitled, “Privacy Officers Around the Virtual Watercooler.”  Join 3 of my amazing colleagues from around the country as they discuss current privacy challenges on campus: Merri Beth Lavagnino of Indiana UniversityJane Rosenthal of University of Kansas and Kent Wada of UCLA.

Event Details

  • Date: January 30, 2013
  • Time: 1:00–2:00 p.m. (ET)

To join this webinar, simply go to the Adobe Connect  website: https://educause.adobeconnect.com/eduweb and select “Enter as a Guest.”