Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« How Access Management Compliance Supports Good Business | Main | USA PATRIOT Act: FBI Is Underreporting Their Use Of This Law To Order Businesses to Monitor Email, Phone Calls and Financial Information »

"Protecting Personal Information: A Guide for Business": Free from the FTC

Today the U.S. Federal Trade Commission (FTC) released a 24-page guide, "Protecting Personal Information: A Guide for Business"

Within the guide the FTC advises businesses to protect personally identifiable information (PII) through the following actions:

"TAKE STOCK. Know what personal information you have in your files and on your computers.

SCALE DOWN. Keep only what you need for business.

LOCK IT. Protect the information you keep.

PITCH IT. Properly dispose of what you no longer need.

PLAN AHEAD. Create a plan to respond to security incidents."


Indeed; all good directives.

The devil is in the details, though. Organizations can take this high-level framework and build upon it the policies, procedures, technologies and practices unique to their organization. This guide is providing the shell of the car body; organizations need to provide the nuts, bolts, engine, and all the other parts necessary to make it run well.

However, the guide does provide checklists, recommendations and tips for creating breach response plan. So it does provide a starting basis.

This guide will seem very rudimentary to organizations with well defined and long established information security programs. However, for those who have old, or non-existent programs, or are just dealing with information security in an ad-hoc way, this guide will be useful. It will also be useful for small and medium sized businesses (SMBs) that often do not have the dedicated or experienced resources to address the wide scope of information security issues.

Even well established security programs can use this as a baseline against which they can see how their own program is doing.

Basically this is a very good PII protection primer. In fact, this could be good to get and give to each of your business leaders to help them understand the issues around and importance of safeguarding PII.

The U.S. taxpayers paid for this, it is professionally done and well-written, so you take advantage of this free awareness-raising resource!

Tags:                    
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on March 8, 2007 5:39 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/342

Comments

87% of businesses don't have a clue that there are stringent state and federal laws that are aimed at trying to get a grip on the identity theft pandemic that has hit our country. Because they are NOT taking steps to protect their client's personal information, WE need to stay on top of our information by having a monitoring and restoration plan in place. For more information on an easy and inexpensive fix, take a look at my website. This is the fastest growing employee benefit because it keeps them on the job instead of taking hundreds of hours off work to work on legal and id theft problems.

Posted by: Belinda Rachman, Esq. | March 18, 2007 6:26 PM

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.