Business Owner Awareness Of Non Compliance
By Carl Nelepovitz
Non-compliance could cost you personally, or your business, up to $1,000,000 in fines and up to 10 years in prison (FTC).
CONCERNING: Federal legislation and a multitude of state laws
AFFECTED: 100% of business owners who deal with customer or employee information
UNAWARE: Nearly 87% of all business owners aren't aware that these laws affect them
TIMELINE: Effective immediately
CONSEQUENCES: Business closures, fines/penalties up to $1,000,000, criminal/civil litigation, prison
Protecting Personal Information: Five Steps for Business
What’s in your file cabinet right now? Tax records? Payroll information? And what’s on your computer system? Financial data from your suppliers? Credit card numbers from your customers? To a busy marketer, those documents are an everyday part of doing business. But in the hands of an identity thief, they’re tools for draining bank accounts, opening bogus lines of credit, and going on the shopping spree of a lifetime — at the expense of your company, your employees, and the customers who trust you.
Sophisticated hack attacks make the headlines, but many security breaches could be prevented by commonsense measures that cost companies next to nothing. That’s why the Federal Trade Commission (FTC) has published Protecting Personal Information: A Guide for Business, a plain-language handbook with practical tips on securing sensitive data. The specifics depend on the size of your company and the kind of information you have, but the basic principles remain the same. Whether you work for a multinational powerhouse with branches around the world or a start-up based in a home office, a sound information security plan is built on these five key practices:
Take stock. Know what personal information you have in your files and on your computer. Understand how personal information moves into, through, and out of your business and who has access — or could have access — to it.
Scale down. Keep only what you need for your business. That old business practice of holding on to every scrap of paper is “so 20th century.” These days, if you don’t have a legitimate business reason to have sensitive information in your files or on your computer, don’t keep it.
Lock it. Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.
Pitch it. Properly dispose of what you no longer need. Make sure papers containing personal information are shredded, burned, or pulverized so they can’t be reconstructed by an identity thief.
Plan ahead. Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens.
Protecting Personal Information — Know Why
Thousands of corporate executives have read the Federal Trade Commission’s new publication, Protecting Personal Information: A Guide for Business, available at ftc.gov/infosecurity. They’ve picked up practical tips on how their company can secure and protect the personal information it keeps. But some business owners may still be wondering why data security should be at the top of their agenda. Two reasons show why your company should strive to safeguard personal information.
First, good security is just plain good business. Aware of the risk of identity theft, today’s customers are concerned about their privacy. As any business that has experienced a breach has learned, customers prefer companies that demonstrate a commitment to security. For the same reasons, customers will think twice before doing business with a company that has experienced a privacy glitch. Given this choice, many businesses find it more cost-effective to secure the information they have rather than try to repair the damage and rebuild consumer confidence after a data loss or breach.
The second reason to take proactive steps to secure data is that federal and state laws may require companies to implement reasonable information security practices. Depending on your business and the type of information you keep, these laws may apply to you, including:
Fair Credit Reporting Act — Also known as the FCRA, this law is designed primarily to protect the privacy of what it calls “consumer report” information — the details in a consumer’s credit report — and to guarantee that the information supplied by consumer reporting agencies is as accurate as possible. A consumer report contains information about individuals’ personal and credit characteristics, character, and general reputation. To be covered by the FCRA, a report must be prepared by a “consumer reporting agency,” a business that assembles reports for other companies. In your files right now you may have consumer reports on your employees if you’ve done background checks, perhaps as part of hiring. Or you may have consumer reports if you’ve needed to look into customers’ credit histories. You have a legal obligation to keep this information secure when it’s in your possession. But what about when you no longer have a legitimate business need to keep it? Scaling back on what’s in your files is a great idea as long as you show care in how you get rid of sensitive information like consumer reports. Under the FCRA, the FTC has issued a rule requiring companies to exercise care when pitching out consumer reports or information derived from them.
Called the Disposal Rule, it requires businesses who have information covered by the FCRA to take reasonable measures when they dispose of it. Businesses that collect consumer credit information, credit reports, or employee background histories should be familiar with this rule and make sure they’re in compliance. (By the way, the FCRA was amended in 2005 by another law called the Fair and Accurate Credit Transactions Act, or FACTA. You may hear about FCRA or FACTA, but they both refer to the same law.)
Gramm-Leach-Bliley Act — Also known as GLB, this law applies to “financial institutions.” Companies need to know that as the law defines it, the term “financial institutions” is broad and includes more than just banks. It applies to businesses engaged in a wide range of financial activities, including, for example, car dealers, tax preparers, and even (in some cases) courier services. Businesses that are financial institutions and that are not regulated by other agencies may fall within the FTC’s Safeguards Rule. Among other things, this rule requires businesses to have reasonable policies and procedures to ensure the security and confidentiality of customer information.
Federal Trade Commission Act — The FTC Act prohibits deceptive or unfair trade practices. Under the FTC Act, businesses must handle consumer information in a way that is consistent with their promises to their customers (for example, what they say in their online privacy policy), and avoid data security practices that create an unreasonable risk of harm to consumer data.
Other federal laws — Other federal laws may affect a company’s data security requirements, including the Health Insurance Portability and Accountability Act (HIPAA), which applies to health data; the Family Educational Rights and Privacy Act (FERPA), which applies to student records; and the Driver’s Privacy Protection Act (DPPA), which applies to information maintained by state departments of motor vehicles.
State laws — As concerns over identity theft and data security have increased, many states have passed laws or regulations to protect their citizens. In addition to complying with federal laws, businesses should look to state laws to make sure they are in compliance.
If this seems complicated, don’t worry. Despite these different rules, the FTC has tried to develop a single basic standard for data security that strikes a balance between providing concrete guidance and allowing flexibility for different businesses’ needs. The standard is straightforward: companies must maintain reasonable procedures to protect sensitive information. Whether your security practices are reasonable will depend on the nature and size of your business, the types of information you have, the security tools available to you based on your resources, and the risks you are likely to face.