“At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags” Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.

“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift,” FTC Chairman Jon Leibowitz said. “As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.”

The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft…”

For more information go to:  http://bit.ly/BTR-FTC

Personal Advice: There are three major credit bureaus that are tied to the absolutely free http://www.annualcreditreport.com resource website.  When a person signs on to this website they are presented with all three major bureaus (Experian, Equifax, and Trans Union) with a radio button type selection option.  To practice the strategy mentioned above, choose just one.  Then come back in 120 days and choose the next. And then 120 days later again choose the third.   Don’t panic if you see something you do not recognize, just challenge it by following the bureau’s instructions to inquire further into a posting.  If it is an error, follow the dispute process.  Only ask for all three at once if the first report reveals inappropriate activity after your investigation.  To learn more about monitoring other data aggregators who also allow one free report of the information they would report on you, go to our website under the consumer’s section. http://btr-security.com.  Sign-up for free self monitoring support. We will send you an email  reminder when it is time to take your next step in this and additional strategies.

Benefit for employer’s: If an employer mandates that their employees practice this exercise and report that they have each time performed, as part of their continued employment, they will reduce their risk of not discovering a data breach leaked from their own files.  This is especially true if all of a sudden several employees are reporting they discovered inappropriate use of their identity.  If the problem is isolated to just the one employee reporting a problem, at least they have discovered the problem early and they will be in a better position to resolve the problem without sacrificing too much time off work or time at work handling the problem verses doing their assigned work tasks. With either result, the employer benefits from early detection of a data breach or at least a less distracted employee.

According to the Identity Theft Resource Center (http://www.idtheftcenter.org) over 354 million records have been reported breached since they started tracking data breaches in 2005.  With so much information out there on us, we all should be monitoring our identity on a regular basis.  We live in a different world today with the misuse of personal information on the rise, and the only way we can combat this problem is by viewing these reports generated about us by credit bureaus and the other data aggregators.  If you would like a free consultation on protecting your identity, please call 610-444-5295 for a no obligation appointment.  Ask us to speak at your next event at no charge too.

However for social media sites you cannot “wipe” clean your information all you can do is depend on their delete or remove functionality.  Best tip I can offer right now is don’t put anything on your social media site(s) that you would consider sensitive information.  Any personally identifying information you post can be used by an identity thief.  Information like your birthday, address, pet’s name “favorite pet” security questions, a mother’s maiden name are a few examples.  Here are two articles that address proper social networking.  Click on them to read some good social networking advice and policy suggestions if you are an employer.

Social Networking Tips

Social Networking 7 Dos and Don’ts

I am using these articles at an upcoming Pennsylvania Institute of Certified Public Accountants (PICPA) sessions I am speaking at on May 13th in Harrisburg.  But you, my friends, get to see it now.  Let me know what you think about privacy and social networking sites by commenting on this post.

Have a secure day!

Special Alert!

A common identity theft trick is to call or email an ID theft victim’s contact lists, whether it be easily available through social networking sites like FaceBook, LinkedIn, MySpace, Twitter, (to just name a few), or an implanted trojan malware on the victim’s own computer milking their Outlook Contacts lists, asking for emergency cash to be sent to a special account set-up overseas to accept their generous assistance.

What to do?

If you are contacted by a friend or relative claiming to be stranded by the recent shut down of air traffic there are ways to verify and assist your loved one.  First, verify that they are indeed where they say they are.  Contact a person who would likely know the actual whereabouts of the stranded friend.  Second, ask a difficult or outright odd questions that only the real person could know. Third, ask your financial institution for assistance in verifying the validity of the receiving account.  Doing at least two out of three of these steps will assure you that you are helping your actual friend and not being blinked our of whatever you send.

Plan Ahead

The best situation is for the traveler to have planned ahead.  You could  carry an emergency credit card that a trusted  friend or relative could pay down balances on your behalf back home instead of sending money overseas.  Make sure that a trusted friend or relative has a copy of your itinerary and you keep them up-to-date on changes to that itinerary.  And make sure that the trusted friend or relative has a way to contact you at all times.  All of these suggestions will help you in the emergency situation and prevent the opportunist identity thieves from blinking your friends and relatives out of thousands of dollars thinking they are  helping you.

What Have You Done?

Any other suggestions would be welcomed to this comment.  Please let us know what you would do if contacted by a stranded friend or relative asking for emergency assistance.

Businesses must provide these records within 30 days of receipt of the victim’s request. Businesses must also provide these records to any law enforcement agency which the victim authorizes.

Businesses may select a specific address to which requests from victims must be mailed. If the business does not have a high degree of confidence that it knows the victim, before providing the records, the business may ask victims for:

1. Proof of identity, which may be a government-issued ID card, the same type of information the identity thief used to open or access the account, or the type of information the business is currently requesting from applicants or customers

and

2. A police report and a completed affidavit, which may be either the FTC ID Theft Affidavit (PDF, 56 KB) or the business’s own affidavit.

This FCRA provision does not require a business to change its current information or record retention procedures. A business may decline to provide the records if, in good faith, it determines that this FCRA provision does not require disclosure, the business entity does not have a high degree of confidence in knowing the true identity of the requester after reviewing the proof of identity provided by the requester, the requester has made a misrepresentation of fact relevant to the request, or the information requested is Internet navigational data or similar information about a person’s visit to a website or online service.

Although a business may not deny disclosure of these records based on Subtitle A of title V of Public Law 106-102, the business may deny disclosure if it is otherwise prohibited under other provisions of state or federal law.

For more information on these requirements contact a BTR-Security team member  or see FTC Facts for Business.

Our firm focus is to help every employer prevent a potentially devastating breach of confidential information that your customers, employees, and vendors have given you to keep private. Our Identity and Sensitive Data Risk Management focus brings you solutions that fit your needs to operate in a productive manner while protecting your reputation.  A sensitive information data breach could negatively change your relationship with the most important people you deal with forever.

Securing sensitive information is not just about technology.  Technology is a very important partner in securing information, however, no matter how strong your technology, there are additional restraints needed to achieve the “Culture of Security” necessary to protect sensitive information.

What Every CEO should know about Preventing Data Breaches

How can a CEO of any enterprise create the Culture of Security with all the other demands to just survive in today’s economic environment?  By following our straight forward, low cost, process.

Learn more