Identity Theft Resource Center
Privacy Policy

 

In accordance with state and federal laws the following is the privacy policy for the Identity Theft Resource Center (ITRC):

Your privacy is important to us. The Identity Theft Resource Center maintains a strict privacy policy. This privacy policy governs your use of the ITRC website and mobile device application.

What information does the ITRC collect and how is it used?

ITRC requests that you do not send us sensitive personal information such as Social Security numbers, dates of birth, crime reports, or any financial/medical account numbers. Any such information received by the ITRC will be immediately destroyed.

 

Website

 

The ITRC website does not collect information from a child 13 years or younger without prior parental consent or direct parental notification. The ITRC website is intended for consumers age 14 or older. By using this site, user represents they are age 14 or older. ITRC advises all children under the age of 18 to seek parental consent before using our website.

 

User Provided Information: The website does have a live chat function for users to speak to ITRC Victim Advisors, but no sensitive personal information will be requested other than the state the user resides in, so as to provide them with relevant information according to their state’s laws. If the user chooses to provide the ITRC with sensitive personal information via live chat, said information will be immediately destroyed.

 

Automatically Collected Information: In order to provide the best website experience, the ITRC website does not honor Do Not Track signal requests as this website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

 

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

 

Application

 

The ITRC application does not collect information from a child 13 years or younger without prior parental consent or direct parental notification. The ITRC website is intended for consumers age 14 or older. By using this application, user represents they are age 14 or older. ITRC advises all children under the age of 18 to seek parental consent before using our application.

 

User Provided Information: The ITRC application may ask the user for their zip code in order to provide the user with the location of pertinent assistance, such as a Social Security office or local police station. The application does have a live chat function for users to speak to ITRC Victim Advisors, but no sensitive personal information will be requested other than the state the user resides in, so as to provide them with relevant information according to their state’s laws. If the user chooses to provide the ITRC with sensitive personal information via live chat, said information will be immediately destroyed.

 

The ITRC app case log feature allows users to make entries into this feature regarding the steps victims have taken during their remediation process.  This information can include but is not limited to date, time, and duration of calls to specific entities that the victim must contact to remediate their case, forms requested or filed, and actions taken. Sensitive personal information is not collected and victims are instructed to not add notes to their log that contain PII.  All case log entries are housed on the device upon which they are entered and not collected, retained or stored by the ITRC.

 

Automatically Collected Information: The ITRC application will collect the user’s phone number and unique device MEID or IMEI identifier. In addition, when you visit the mobile application, we may use GPS technology (or other similar technology) to determine your current location in order to provide you with the location of pertinent assistance, such as a Social Security office or local police station.

 

If you do not want us to use your location for the purposes set forth above, you should turn off the location services for the mobile application located in your account settings or in your mobile phone settings and/or within the mobile application.

 

ITRC Call Center

 

The ITRC Call Center does not collect information from a child under the age of 18 years without prior parental consent or direct parental notification. The ITRC Call Center is intended for consumers age 18 or older. By calling the ITRC Call Center, the caller represents they are 18 years or older.

 

User Provided Information: The ITRC Call Center collects personal information for the sole purpose of identity theft mitigation. This information consists of the caller’s name, telephone number, email address, and state of residence. If you need to have forms mailed to you, we will also collect your mailing address.

 

Automatically Collected Information: The ITRC Call Center will automatically collect the phone number of the person calling.

 

Usage of Information

 

The ITRC uses the information collected solely for the purpose of providing identity theft case mitigation advice and conducting research on and about the crime of identity theft; however, individuals are not identified in the results of these studies.

 

Do third parties see and/or have access to information obtained by the ITRC?

 

Yes. We will share your information with third parties only in the ways that are described below:

 

We may disclose User Provided and Automatically Collected Information:

  • as required by law, such as to comply with a subpoena, or similar legal process;
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
  • with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement. 
  • for research or statistical purposes; however, individuals are not identified in the results of these studies.
  • with your express permission, we may share your information with the media or legislators who desire to contact and speak to individuals who have experienced particular identity theft abuses. 
     

Data Retention Policy, Managing Your Information, Disposal

The ITRC will maintain personal information collected via its Call Center in electronic form using SalesForce, a database program specially designed for enterprise business services. The SalesForce database used by ITRC is accessible by ITRC staff and third party vendors for the specific purpose of case remediation only, and with permissions regulated strictly by individual login. Safeguards for the protection of electronic files include both hardware and software firewalls, use of SSL technology for all connections, verified IP for all connections, and discrete user tokens on each user machine, as well as user name and password protection. Information can include name, state of residence, phone number, and/or e-mail address, and in some cases city and street address.

All other personal and non-personal information collected by the ITRC are to be stored in electronic form on the ITRC file server, in an access controlled room, within the ITRC facility. They are protected by appropriate firewalls and intrusion detection. External access to the server is limited to secure VPN only.

Because the ITRC undertakes an advisory role with victims of identity theft, and because the nature of this crime may require years for mitigation, victims have the expectation that ITRC will retain for safekeeping and future access any case information that may be of use to the victim’s case in the future. ITRC has the ability to store client files for safekeeping indefinitely in a secure, locked storage unit housed in the same building as the ITRC offices. Data will be retained for a minimum period of three years and/or destroyed at the request of the victim.

Children

We do not use the ITRC website or application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at [email address]. We will delete such information from our files within a reasonable time.

Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our services. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

Changes

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here and informing you via email or text message. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. You can check the history of this policy by clicking here. 

Your Consent

By using the ITRC website or application you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. “Processing” means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information, all of which activities will take place in the United States. If you reside outside the United States your information will be transferred, processed and stored there under United States privacy standards.

Contact us

If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at [email address].

END OF PRIVACY POLICY 

 

ITRC Internal Privacy Policies and Procedures 

  

Data Access

Access to data will be limited to those employees having a need for such data, and such employees shall be advised of and agree, in writing, to comply with these regulations.

All contractors, subcontractors, and consultants requiring access to identifiable data will agree, in writing, to comply with these requirements. At no time shall such contractors, subcontractors, and consultants be given access to identifiable data within ITRC without a need to know, and prior approval of the ITRC management.

 

Data Collection 

This is data which is collected for the purposes of assisting general victims of identity theft. This shall consist of name, state of residence, phone number, and/or e-mail address.  A street address may be collected for the purposes of mailing information to the individual to assist them with their case. 

This is also data that is collected for the purposes of studies or research.  Upon completion of gathering of data, the personal identifying information shall be separated and maintained in a secure manner.  During the research phase, some individuals request to do media. At this time they volunteer their information, which is entered, as appropriate, into SalesForce. We do not release the victim’s information to the media. It is the policy of the ITRC to provide the media contact information to the victim so that the victim may initiate the contact with the media. 

Any data automatically collected by the ITRC website or application is for the use and operation of said website and application. Information collected automatically by the ITRC website or application is not stored internally with the ITRC, but with third party vendors operating and maintaining said website and application.

Data Disclosure 

Any private person from whom identifiable information is collected or obtained shall be notified that such data will only be used or revealed for research or statistical purposes, or identity theft case management, and that compliance with the request for information is not mandatory and participation in the project or case may be terminated at any time.

 

All participants in the victim assistance program are informed of the following:

  • All information provided is used to assist in providing proper guidance for the individual. The ITRC does not require city or street address of the caller.  However, a city and street address may be collected for the purposes of mailing information to the individual to assist them with their case.
  • We do require that they provide the name of the state of residence so that we can give them correct information on their state laws and case options. The individual may or may not choose to supply the name of the city from where they are calling.
  • Persons being asked to participate in any ITRC conducted study are informed that giving their personal information is entirely optional.

All participants in the collection phase of any ITRC conducted study will have all information that identifies the participant stripped from the working data for storage. This personal data is used only to contact those individuals from whom greater explanation is required for the study.  It is then removed from the dataset. 

Permission to share information / Data Transfer

Any person providing personal information, regarding any private person from which identifiable data is collected or obtained by the ITRC, either orally or by means of written questionnaire, shall be advised that the data will only be used or revealed:

  • as required by law, such as to comply with a subpoena, or similar legal process;
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
  • with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement. 
  • for research or statistical purposes; however, individuals are not identified in the results of these studies.
  • with private person’s express permission, we may share their information with the media or legislators who desire to contact and speak to individuals who have experienced particular identity theft abuses. 

Requirements for Staff

Members of the ITRC will, at all times, ensure that the privacy of confidential information is maintained. 

 

Data storage shall be maintained in accordance with current best business practices with all appropriate safeguards in place. At no time will any electronic storage devices be donated, traded, exchanged, shared or sold to any party, person or entity. Nobody will be allowed access to any area of the ITRC network or server domain without the express permission of a member of the management team. No ITRC personnel shall accept and/or connect any alien device to the domain without the express permission of the management team. All research data is maintained on the ITRC servers behind appropriate firewalls and security.

 

ITRC Staff and third party contractors also must sign the excerpt below upon joining the ITRC: 

I, the undersigned, have read the ITRC privacy policy above and understand the necessity for maintaining privacy of personally identifying information.  I have read and understand the requirements above as they relate to my handling of personally identifying information and hereby agree to comply with all respects and intents of the ITRC policy.  I further understand that my personal accountability for proper handling of personally identifying information is a condition for my continued employment or business association with the Identity Theft Resource Center.

Security/Storage Details:

The ITRC will maintain personal information collected via its Call Center in electronic form using SalesForce, a database program specially designed for enterprise business services. The SalesForce database used by ITRC is accessible by ITRC staff and third party vendors for the specific purpose of case remediation only, and with permissions regulated strictly by individual login. Safeguards for the protection of electronic files include both hardware and software firewalls, use of SSL technology for all connections, verified IP for all connections, and discrete user tokens on each user machine, as well as user name and password protection. Information can include name, state of residence, phone number, and/or e-mail address, and in some cases city and street address.

All other personal and non-personal information collected by the ITRC are to be stored in electronic form on the ITRC file server, in an access controlled room, within the ITRC facility. They are protected by appropriate firewalls and intrusion detection. External access to the server is limited to secure VPN only.

Retention/Disposal 

Because the ITRC undertakes an advisory role with victims of identity theft, and because the nature of this crime may require years for mitigation, victims have the expectation that ITRC will retain for safekeeping and future access any case information that may be of use to the victim’s case in the future. ITRC has the ability to store client files for safekeeping indefinitely in a secure, locked storage unit housed in the same building as the ITRC offices. Data will be retained for a minimum period of three years and/or destroyed at the request of the victim. 

This summary of the ITRC’s privacy policies and procedures was drafted by the ITRC legal analyst and reviewed by the ITRC President & CEO. We, the undersigned, certify that the data privacy and sharing protocols listed herein comport with the confidentiality and privacy rights and obligations of federal law or the jurisdiction laws, court rules, or rules of professional conduct applicable to work performed by the ITRC.

 


If you have any questions or concerns about this privacy policy, please feel free to contact us at [email address].

Site built by Goldfish Consulting following the above guidelines.

 
