by VentureStreet
Business Owner Awareness Of Non Compliance
By Carl Nelepovitz



Non-compliance could cost you personally, or your business, up to $1,000,000 in fines and up to 10 years in prison. (FTC)

CONCERNING: Federal legislation and a multitude of state laws

AFFECTED: 100% of business owners who deal with customer or employee information

UNAWARE: Nearly 87% of all business owners aren't aware that laws affect them

TIMELINE: Effective Immediately

CONSEQUENCES: Business closures, fines/penalties of up to $1,000,000, criminal/civil litigation, prison

Protecting Personal Information: Five Steps for Business

What’s in your file cabinet right now? Tax records? Payroll information? And what’s on your computer system? Financial data from your suppliers? Credit card numbers from your customers? To a busy marketer, those documents are an everyday part of doing business. But in the hands of an identity thief, they’re tools for draining bank accounts, opening bogus lines of credit, and going on the shopping spree of a lifetime — at the expense of your company, your employees, and the customers who trust you.

Sophisticated hack attacks make the headlines, but many security breaches could be prevented by commonsense measures that cost companies next to nothing. That’s why the Federal Trade Commission (FTC) has published Protecting Personal Information: A Guide for Business, a plain-language handbook with practical tips on securing sensitive data. The specifics depend on the size of your company and the kind of information you have, but the basic principles remain the same. Whether you work for a multinational powerhouse with branches around the world or a start-up based in a home office, a sound information security plan is built on these five key practices:

Take stock. Know what personal information you have in your files and on your computer. Understand how personal information moves into, through, and out of your business and who has, or could have, access to it.
Scale down. Keep only what you need for your business. That old business practice of holding on to every scrap of paper is “so 20th century.” These days, if you don’t have a legitimate business reason to have sensitive information in your files or on your computer, don’t keep it.

Lock it. Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.
Pitch it. Properly dispose of what you no longer need. Make sure papers containing personal information are shredded, burned, or pulverized so they can’t be reconstructed by an identity thief.

Plan ahead. Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens.

Protecting Personal Information — Know Why
Thousands of corporate executives have read the Federal Trade Commission’s new publication, Protecting Personal Information: A Guide for Business, available at ftc.gov/infosecurity. They’ve picked up practical tips on how their company can secure and protect the personal information it keeps. But some business owners may still be wondering why data security should be at the top of their agenda. Two reasons show why your company should strive to safeguard personal information.

First, good security is just plain good business. Aware of the risk of identity theft, today’s customers are concerned about their privacy. As any business that has experienced a breach has learned, customers prefer companies that demonstrate a commitment to security. For the same reasons, customers will think twice before doing business with a company that has experienced a privacy glitch. Given this choice, many businesses find it more cost-effective to secure the information they have rather than try to repair the damage and rebuild consumer confidence after a data loss or breach.

The second reason to take proactive steps to secure data is that federal and state laws may require companies to implement reasonable information security practices. Depending on your business and the type of information you keep, the laws that may apply to you include:

Fair Credit Reporting Act — Also known as the FCRA, this law is designed primarily to protect the privacy of what it calls “consumer report” information — the details in a consumer’s credit report — and to guarantee that the information supplied by consumer reporting agencies is as accurate as possible. A consumer report contains information about individuals’ personal and credit characteristics, character, and general reputation. To be covered by the FCRA, a report must be prepared by a “consumer reporting agency,” a business that assembles reports for other companies. In your files right now you may have consumer reports on your employees if you’ve done background checks, perhaps as part of hiring. Or you may have consumer reports if you’ve needed to look into customers’ credit histories. You have a legal obligation to keep this information secure when it’s in your possession. But what about when you no longer have a legitimate business need to keep it? Scaling back on what’s in your files is a great idea as long as you show care in how you get rid of sensitive information like consumer reports. Under the FCRA, the FTC has issued a rule requiring companies to exercise care when pitching out consumer reports or information derived from them.

Called the Disposal Rule, it requires businesses that have information covered by the FCRA to take reasonable measures when they dispose of it. Businesses that collect consumer credit information, credit reports, or employee background histories should be familiar with this rule and make sure they’re in compliance. (By the way, the FCRA was amended in 2005 by another law called the Fair and Accurate Credit Transactions Act, or FACTA. You may hear about FCRA or FACTA, but they both refer to the same law.)

Gramm-Leach-Bliley Act — Also known as GLB, this law applies to “financial institutions.” Companies need to know that as the law defines it, the term “financial institutions” is broad and includes more than just banks. It applies to businesses engaged in a wide range of financial activities, including, for example, car dealers, tax preparers, and even (in some cases) courier services. Businesses that are financial institutions and that are not regulated by other agencies may fall within the FTC’s Safeguards Rule. Among other things, this rule requires businesses to have reasonable policies and procedures to ensure the security and confidentiality of customer information.

Federal Trade Commission Act — The FTC Act prohibits deceptive or unfair trade practices. Under the FTC Act, businesses must handle consumer information in a way that is consistent with their promises to their customers (for example, what they say in their online privacy policy), and avoid data security practices that create an unreasonable risk of harm to consumer data.

Other federal laws — Other federal laws may affect a company’s data security requirements, including the Health Insurance Portability and Accountability Act (HIPAA), which applies to health data; the Family Educational Rights and Privacy Act (FERPA), which applies to student records; and the Driver’s Privacy Protection Act (DPPA), which applies to information maintained by state departments of motor vehicles.

State laws — As concerns over identity theft and data security have increased, many states have passed laws or regulations to protect their citizens. In addition to complying with federal laws, businesses should look to state laws to make sure they are in compliance.

If this seems complicated, don’t worry. Despite these different rules, the FTC has tried to develop a single basic standard for data security that strikes the balance between providing concrete guidance, and allowing flexibility for different businesses’ needs. The standard is straightforward: Companies must maintain reasonable procedures to protect sensitive information. Whether your security practices are reasonable will depend on the nature and size of your business, the types of information you have, the security tools available to you based on your resources, and the risks you are likely to face.



About the Author

Carl Nelepovitz, Global Risk Management Co / Legal Shield
8992 Preston Road ( Suite 110-747 )
Frisco, TX 75035
2393339233

If you would like to re-print this article, please contact the author.