FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule
From the FTC website dated May 28, 2010:
“At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags” Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.
“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift,” FTC Chairman Jon Leibowitz said. “As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.”
The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft…”
For more information go to: http://bit.ly/BTR-FTC
Employers who mandate identity monitoring lower their risks
Employers should make it a mandatory exercise that all employees regularly monitor their identity. Data breaches of the company’s own employees’ personally identifiable information (PII) can be detected if an employee discovers inappropriate activity from their review of credit reports and other free consumer aggregators’ databases. If they follow a strategy of reviewing their reports by spacing them out throughout the year, they increase the likelihood of discovering a problem early.
Personal Advice: There are three major credit bureaus that are tied to the absolutely free http://www.annualcreditreport.com resource website. When a person signs on to this website they are presented with all three major bureaus (Experian, Equifax, and TransUnion) with a radio button type selection option. To practice the strategy mentioned above, choose just one. Then come back in 120 days and choose the next. And then 120 days later again choose the third. Don’t panic if you see something you do not recognize; just challenge it by following the bureau’s instructions to inquire further into a posting. If it is an error, follow the dispute process. Only ask for all three at once if the first report reveals inappropriate activity after your investigation. To learn more about monitoring other data aggregators who also allow one free report of the information they would report on you, go to the consumer’s section of our website: http://btr-security.com. Sign up for free self-monitoring support. We will send you an email reminder when it is time to take your next step in this and additional strategies.
Benefit for employers: If an employer mandates, as part of continued employment, that employees practice this exercise and report each time they have performed it, the employer reduces the risk of not discovering a data breach leaked from its own files. This is especially true if all of a sudden several employees are reporting they discovered inappropriate use of their identity. If the problem is isolated to just the one employee reporting it, at least that employee has discovered the problem early and will be in a better position to resolve it without sacrificing too much time off work, or time at work handling the problem versus doing their assigned work tasks. With either result, the employer benefits from early detection of a data breach or at least a less distracted employee.
According to the Identity Theft Resource Center (http://www.idtheftcenter.org) over 354 million records have been reported breached since they started tracking data breaches in 2005. With so much information out there on us, we all should be monitoring our identity on a regular basis. We live in a different world today with the misuse of personal information on the rise, and the only way we can combat this problem is by viewing these reports generated about us by credit bureaus and the other data aggregators. If you would like a free consultation on protecting your identity, please call 610-444-5295 for a no obligation appointment. Ask us to speak at your next event at no charge too.
Facebook and other “social media” sites do not delete info even if you do
This doesn’t surprise me because in order to remove a file from your own computer you cannot do so with just the “delete” function. You have to “wipe” it clean. As part of any data security policy all electronic devices containing sensitive information must be “wiped” clean with appropriate utility programs or pulverized if physically destroying the entire device.
However, for social media sites you cannot “wipe” clean your information; all you can do is depend on their delete or remove functionality. Best tip I can offer right now is don’t put anything on your social media site(s) that you would consider sensitive information. Any personally identifying information you post can be used by an identity thief. Information like your birthday, address, pet’s name (“favorite pet” security questions), and mother’s maiden name are a few examples. Here are two articles that address proper social networking. Click on them to read some good social networking advice and policy suggestions if you are an employer.
Social Networking 7 Dos and Don’ts
I am using these articles at an upcoming Pennsylvania Institute of Certified Public Accountants (PICPA) session I am speaking at on May 13th in Harrisburg. But you, my friends, get to see it now. Let me know what you think about privacy and social networking sites by commenting on this post.
Have a secure day!
Copy machines hold sensitive information on their hard drives!
This is a new one for me. I never thought about copy machines having hard drive storage, but it makes sense now that they are networked with computers. But the “images” stay on the hard drives just like files do on our computers. If you ever have it fixed, all the sensitive information is right there for a repairman to see. So add copy machines to your list of electronic devices that need to be wiped clean prior to disposal or repair. For more information on this, view this article: http://bit.ly/CopyMachine
Airborne Volcanic Ash Gives ID Thieves Opportunity to “Cash In”
Since the worldwide news about the Icelandic volcano eruption disrupting air travel, tens of thousands of people find themselves stranded overseas. This situation is very unfortunate on its own, but consider the cash door this opens to Identity Thieves.
Special Alert!
A common identity theft trick is to call or email the people on an ID theft victim’s contact lists, asking for emergency cash to be sent to a special account set up overseas to accept their generous assistance. The contact lists may be easily available through social networking sites like Facebook, LinkedIn, MySpace, and Twitter (to name just a few), or taken by trojan malware implanted on the victim’s own computer that milks their Outlook contacts lists.
What to do?
Assisting Victims
If an individual contacts you claiming to be a victim of identity theft stemming from a transaction involving your company, you have certain federal mandates to follow. Under the 2003 amendments to the Fair Credit Reporting Act (PDF, 192 KB) (FCRA) section 609(e), identity theft victims are entitled to get from businesses a copy of the application or other business transaction records relating to their identity theft free of charge. You may use this downloadable sample letter that consumers may send to businesses, along with the relevant law, on this website.
Preventing Data Breaches
Since 2005 over 350 Million Sensitive Personal Records Have Been Breached Costing Enterprises Responsible Billions in Penalties and Civil Liabilities.
Our firm’s focus is to help every employer prevent a potentially devastating breach of confidential information that your customers, employees, and vendors have given you to keep private. Our Identity and Sensitive Data Risk Management focus brings you solutions that fit your needs to operate in a productive manner while protecting your reputation. A sensitive information data breach could negatively change your relationship with the most important people you deal with forever.
Securing sensitive information is not just about technology.
