ANSI and CBBB Announce Plans to Create Standards for ID Theft Prevention & ID Management

Yesterday (6/26) a Market Wire news story reported ANSI was partnering with the Council of Better Business Bureaus (CBBB) to establish a new standards panel to address identity theft prevention and identity management standards. 

This is a good proactive move; if a comprehensive federal law cannot (or will not) be created to address data protection and privacy in a way that provides good guidance and data protection requirements for all types of businesses, then it makes sense that non-profit organizations step up to grab the bull by the horns and provide sound guidance…actionable standards for businesses to use to demonstrate due care while also protecting information using realistic means.  That is my hope for such standards, anyway.  (I’m optimistic)

This partnership was actually announced by ANSI on 6/23.  The following is an excerpt:

"The prospective panel would serve to identify existing published standards (and those in development) as they pertain to identity theft protection as well as identify areas of need where updated or newly developed standards would further minimize the threat of identity theft or enhance identity management.

Standards pertinent to the panel’s work may cover areas such as:

  • Protocols for managing sensitive customer data — Access, management, storage, and disposal;
  • Employment records management, storage, access and disposal;
  • Employee qualifications and training to handle sensitive data;
  • Criteria for selecting contractors who use or maintain organizational data;
  • Remedies to quickly recapture and restore the integrity of stolen identities or other personally-identifiable information;
  • The possible utility of universal identifiers as a tool to combat identity theft and fraud;
  • Protocols to anticipate new identity theft tactics as the marketplace continues to evolve."

Well, this list isn’t definitive; notice the news release indicated the "work may cover" these areas. 

Some of the items in the list are also noble, but lofty, goals…particularly the last three listed.  However, it is good that these issues will be addressed by organizations that will hopefully have people involved with the project who are knowledgeable in information security, privacy and realistic business practices.

I’ll monitor activity and see where the initiative goes…hopefully it will be a vast improvement!

Technorati Tags

Leave a Reply