Entries from Realtime Community | IT Compliance tagged with 'FTC'


HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element

After a few days unable to make time to post to the blog, or technical difficulties preventing me when I did make time, I'm happy to resume my posting! Today I want to offer a few thoughts about the breach...

Red Flags Rule Enforcement Delayed to August 1, 2009; FTC Providing a Compliance "Template"

The FTC has once more announced a delayed enforcement of the Red Flags Rule to August 1, 2009......

New Online Behavioral Advertising Principles: Self Regulation Does Not Mean Less Scrutiny By The FTC!

On February 12 the U.S. Federal Trade Commission (FTC), the most actively aggressive oversight agency in the U.S. with regard to enforcing privacy protections, released new behavioral advertising principles......

FTC Publishes Report On SSNs and Identity Theft

Today the U.S. Federal Trade Commission (FTC) released a new report about social security numbers (SSNs), identity theft, and recommended 5 ways to help prevent SSNs from being used for identity theft......

Example Of Why Business Leaders MUST Ensure Third Party Security

Below is a good example of why organizations need to do third party (vendor, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show your business leaders who don't think they need to ensure...

Continued Use Of Site Means Consent to Privacy Policy Changes?

I speak with many folks about the importance of published website privacy policies, along with the issues of obtaining consent...not implied but explicit/express...to change the terms of privacy policies. I also participate in LinkedIn, and I have found it to...

FTC Postpones Active Red Flags Rule Enforcement To May 1, 2009

I was surprised to read this yesterday......

Despite 45+ U.S. Federal Laws, SSNs Still Widely Misused & Breached...Why?

It amazes me how many news articles are frequently reported that are related to the misuse or breach of social security numbers (SSN). Today just a few of the stories that popped up included:...

New Website Seal For Companies Participating In The EU Safe Harbor Program

Something I've been spending a lot of work on this summer is creating management tools to help information security and privacy practitioners do their jobs more effectively and efficiently. In the past three months I've had over a dozen CISOs...

Free Info Sec & Privacy Training Hosted By The FTC and COPP

If you're in the Los Angeles area on August 13, here's what looks to be a good, FREE, day of getting information security and privacy training hosted by the U.S. Federal Trade Commission (FTC) and the California Office of Privacy...

15 Actions/Penalties Brought By FTC Under GLBA + FTC Act

The FTC has long provided a great role model for other government oversight and enforcement agencies with regard to their activities in ensuring organizations follow data protection laws and also ensure organizations actually fulfill the promises they make within their...

Do Your Terms Of Use Try To Gut Your Privacy Policy Promises?

I see a growing trend in organizations trying to gut the promises made in their website privacy policies through sneaky wording they place in their rarely read "Terms of Use" statements. Over the past few months I have heard from...

CAN-SPAM: Record Judgment Along With Updated Rules

I was at the Secure360 conference (a fabulous event, btw) this week, and I'm just getting to an important current topic: CAN-SPAM. On Monday (5/12) the FTC announced an update to the Controlling the Assault of Non-Solicited Pornography and Marketing...

Did You Know This Was National Consumer Protection Week?

Here's another event related to compliance, information security and privacy to put on your calendar... This is National Consumer Protection Week (NCPW) in the U.S....

Have You Reviewed the FTC's Proposed Privacy Principles Yet?

If you are responsible for information security or privacy at your organization, and your organization does marketing, here is something you need to know about and discuss with your marketing folks. I blogged about this in December....

Have You Looked In Your Trash Bins Lately?

It shouldn't still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some...

Identity Theft #1 Consumer Fraud Complaint To FTC in 2007

This week the FTC released the list of the top 20 consumer fraud complaints they received in 2007. Not surprisingly, identity theft topped their list, accounting for 32% of all the complaints....

FTC Hands Down Another FTC Act Noncompliance Penalty For Bad Online Application Security

Yesterday the U.S. Federal Trade Commission (FTC) handed down yet another penalty against an online retailer, Life is good, Inc., for not properly safeguarding their online ecommerce applications. The FTC charged they were in violation of the FTC Act because...

New FTC Spam & Phishing Report

On December 28 the U.S. Federal Trade Commission (FTC) made a new report available to the public, "Spam Summit: The Next Generation of Threats and Solutions." The report describes the findings from a July 2007 workshop the FTC hosted, and...

FTC Behavioral Advertising Privacy Principles: Give Them Your Feedback!

On December 10 the U.S. Federal Trade Commission (FTC) announced that the FTC commissioners voted unanimously to have principles to govern online behavioral advertising. At the same time they released their proposed principles to guide the development of self-regulation in...

FTC Fines Mortgage Co. For Tossing PII Into Dumpster: FACTA/FCRA, GLBA, & FTC Act Violations

On December 17 the U.S. Federal Trade Commission (FTC) fined and penalized American United Mortgage Company for throwing the personally identifiable information (PII) and financial information of its customers and consumers into an open, publicly-accessible dumpster. Under the terms of...

FTC Continues Active Compliance Enforcement: Applies $7.7 Million In Fines To 6 Do-Not-Call Violators

This week the FTC once again demonstrated that they aggressively enforce compliance with those regulations for which they have responsibility. In their press release, "FTC Announces Law Enforcement Crackdown on Do Not Call Violators" they detail their recent actions against...

Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization

In addition to some great followup questions I got from Andy in response to my blog posting yesterday, "FTC Now Requires Organizations to Have an Identity Theft Prevention Program" I have also received some interesting questions from others about the...

FTC Now Requires Organizations to Have an Identity Theft Prevention Program

Did you know that if you are a U.S. financial organization, *AND/OR* if you have information about your U.S. customers with which identity theft could occur, you are now legally required to have a documented Identity Theft Prevention Program to...

APEC Privacy Framework: Viewpoints from the FTC, TRUSTe & Marty Abrams

One of the sessions I attended at the IAPP Privacy Academy this past week was "APEC Update - Self Regulatory Approaches to Cross Border Transfers of Personal Data." The presenters were: Pamela Jones Harbour, Commissioner, Federal Trade Commission (FTC), Marty...

Many Kinds of Identity Theft Cause Many Types of Long Lasting Negative Impacts

I want to revisit the blog posting I made a few days ago, "Average Cost of ID Theft Per Victim is $31,356" Some folks gave me some feedback, saying that they thought this cost was way too high based upon...

New FTC Report Provides Organizations Good Guidance For Protecting PII

Today the U.S. Federal Trade Commission (FTC) released a report, "Combating Identity Theft: Implementing a Coordinated Plan."...

Would You Be More Inclined To Work For A Company That Gave You Identity Theft Insurance As A Benefit?

Last year I had a couple of different identity theft insurance vendors contact me wanting me to endorse their products as they were trying to sell the packages to employers to offer to their employees as part of their total...

Your Name May Be Falling Off the Do Not Call List Soon!

I recently did a privacy impact assessment (PIA) for a marketing company and remembered that the U.S. Do Not Call list entries expire after 5 years! Most people do not realize this...did you know this?...

Privacy Initiatives Sincere Or Marketing Ploy?

Yesterday San Jose Mercury News printed a story about how Yahoo, Microsoft and Ask are going to "limit" the personally identifiable information (PII) they collect online....

New Social Engineering Scheme Targets Military Families

Every week...sometimes daily...it seems there is a new type of social engineering attack targeting specific groups. The social engineering fraudsters are pretty creative and many are adept at exploiting the vulnerabilities and weaknesses of these groups. They use face-to-face methods, phone...

Information Security: Laws Require Secure Disposal of Information in All Forms; Using BS 8470:2006 for Compliance

Many information security incidents have occurred through non-technical means by simply and thoughtlessly throwing away printed documents into publicly-accessible trash bins, or even putting computers and sensitive documents out on the streets. I have blogged about this several times, such...

SMBs, Identity Theft & Insider Threat: Bad SMB Security Impacts Organizations of All Sizes

There are many articles written about the insider threat, several have been done, and often the focus is on large organizations where those employees with malicious intent are often either in positions of trust way down in the org chart,...

Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov't Agencies

On March 29 the FTC published a proposed new routine use, (72 Fed. Reg. 14814, 3/29/07), that would allow FTC records governed by the Privacy Act to be disclosed to "appropriate" persons and entities when reasonably necessary to respond and...

Most U.S. Government Agencies Still Not E-FOIA Compliant 10 Years Following Enactment; Disregard for Laws Also Leads to Disregard for Security Requirements

On March 12 the National Security Archive at George Washington University issued their report, "The Knight Open Government Survey 2007." Basically the study looked at how many of the 149 U.S. government agencies they surveyed were in compliance with the...

Over 100 FACTA Lawsuits Filed in California Against Businesses Printing PII on Receipts; Are You In Compliance With All FACTA Requirements?

I read with interest an article in today's issue of the BNA Privacy and Security Law Report about over 100 lawsuits that have recently been filed within the California federal courts because of the amount of personally identifiable information (PII)...

"Protecting Personal Information: A Guide for Business": Free from the FTC

Today the U.S. Federal Trade Commission (FTC) released a 24-page guide, "Protecting Personal Information: A Guide for Business" Within the guide the FTC advises businesses to protect personally identifiable information (PII) through the following actions:...

FTC's COPPA Report Recommends Larger Penalties and More Education

The February 2007 FTC Report to Congress, "Implementing the Children’s Online Privacy Protection Act" (COPPA) provides a good look into the compliance actions and failures of numerous organizations to appropriately comply with this law designed to protect the privacy of...

Exploring Identity Verification Solutions and Identity Theft Prevention

Earlier this week the FTC announced in a press release an identity theft prevention workshop they are hosting April 23 - 24....

Privacy Breach: Johns Hopkins University Lost Personal Information on 135,000 Individuals

There now seem to be so many privacy breaches that it is hard to choose which one to discuss... Last Wednesday, 2/7, Johns Hopkins University reported personal information on 135,000 employees and patients on nine backup tapes were missing that...

FTC: Speech Highlights Need for All Organizations To Address Information Security and Privacy & Education On These Topics

The transcript of FTC Chairman Deborah Platt Majoras' keynote on February 6 at the RSA conference, "ID Theft and Cyber-crime: Where Thieves Victims, Industry and Government Intersect" is available on the FTC site. I've often stressed how the FTC Act...

PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX

Let's look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts:...

Free Awareness from the FTC: Phishing

I ran across this on the FTC site, an email to send to folks that links to an animation to help make them aware of phishing messages; isn't this cool!? The FTC site provides this as an awareness raising communication....

CAN-SPAM Violation: TJ Web Productions Must Pay $465,000 Fine And Perform Additional Actions for 5 Years

Yesterday the U.S. FTC and Department of Justice jointly announced a $465,000 penalty against TJ Web Productions for violating the CAN-SPAM Act....

Regulatory Compliance Actions Must Include Effective, ongoing Awareness and Training Efforts

A great article was published on Law.com today written by Ryan Sulkin, "First Line of Defense Against Data Security Breaches: Employees." There are several points made that I hope business leaders read and take to heart....

FTC Provides Claims Forms for Individuals Impacted by the 2004 Choicepoint Incident

On December 6, 2006, the U.S. Federal Trade Commission (FTC) made claims forms available for anyone who believes they had identity theft occur as a result of the Choicepoint security incident late in 2004 involving at least 163,000 individuals. Since...

FTC Report on FACTA Effectiveness: Highlights the Need for Better Data Accuracy Practices

Today the FTC released their report, "Second Interim Report of the Federal Trade Commission to Congress Under Section 319 of the Fair and Accurate Credit Transactions Act of 2006." Before I comment on the report, as an interesting aside, one...

More About the FTC Tech-ade Public Hearing

I just found a blog for the FTC Tech-ade public hearing I just posted about; the Tech-Ade Blog. Some very interesting thoughts about a wide range of topics!...

FTC Public Hearing Presenters Forecast Privacy Concerns For the Next 10 Years

The Federal Trade Commission (FTC) held a public hearing Nov. 6-8 at George Washington University to discuss the ways in which technological and business developments will impact consumers' experiences in the next 10 years....
