Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Microsoft Making Their Internal Privacy Standards Public in August | Main | Social Engineering Is Still An Effective Fraudster Method »

ANSI and CBBB Announce Plans to Create Standards for ID Theft Prevention & ID Management

Yesterday (6/26) a Market Wire news story reported ANSI was partnering with the Council of Better Business Bureaus (CBBB) to establish a new standards panel to address identity theft prevention and identity management standards. 

This is a good proactive move; if a comprehensive federal law cannot (or will not) be created to address data protection and privacy in a way that provides good guidance and data protection requirements for all types of businesses, then it makes sense that non-profit organizations step up to grab the bull by the horns and provide sound guidance...actionable standards for businesses to use to demonstrate due care while also protecting information using realistic means.  That is my hope for such standards, anyway.  (I'm optimistic)

This partnership was actually announced by ANSI on 6/23.  The following is an excerpt:

"The prospective panel would serve to identify existing published standards (and those in development) as they pertain to identity theft protection as well as identify areas of need where updated or newly developed standards would further minimize the threat of identity theft or enhance identity management.

Standards pertinent to the panel’s work may cover areas such as:

  • Protocols for managing sensitive customer data -- Access, management, storage, and disposal;
  • Employment records management, storage, access and disposal;
  • Employee qualifications and training to handle sensitive data;
  • Criteria for selecting contractors who use or maintain organizational data;
  • Remedies to quickly recapture and restore the integrity of stolen identities or other personally-identifiable information;
  • The possible utility of universal identifiers as a tool to combat identity theft and fraud;
  • Protocols to anticipate new identity theft tactics as the marketplace continues to evolve."

Well, this list isn't definitive; notice the news release indicated the "work may cover" these areas. 

Some of the items in the list are also noble, but lofty, goals...particularly the last three listed.  However, it is good that these issues will be addressed by organizations that will hopefully have people involved with the project who are knowledgeable in information security, privacy and realistic business practices.

I'll monitor activity and see where the initiative goes...hopefully it will be a vast improvement!

Technorati Tags







 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on June 27, 2006 9:03 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/114

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.