Yesterday (6/26) a Market Wire news story reported ANSI was partnering with the Council of Better Business Bureaus (CBBB) to establish a new standards panel to address identity theft prevention and identity management standards. 

This is a good proactive move; if a comprehensive federal law cannot (or will not) be created to address data protection and privacy in a way that provides good guidance and data protection requirements for all types of businesses, then it makes sense that non-profit organizations step up to grab the bull by the horns and provide sound guidance…actionable standards for businesses to use to demonstrate due care while also protecting information using realistic means.  That is my hope for such standards, anyway.  (I’m optimistic)

This partnership was actually announced by ANSI on 6/23.  The following is an excerpt:

"The prospective panel would serve to identify existing published standards (and those in development) as they pertain to identity theft protection as well as identify areas of need where updated or newly developed standards would further minimize the threat of identity theft or enhance identity management.

Standards pertinent to the panel’s work may cover areas such as:

• Protocols for managing sensitive customer data — Access, management, storage, and disposal;
• Employment records management, storage, access and disposal;
• Employee qualifications and training to handle sensitive data;
• Criteria for selecting contractors who use or maintain organizational data;
• Remedies to quickly recapture and restore the integrity of stolen identities or other personally-identifiable information;
• The possible utility of universal identifiers as a tool to combat identity theft and fraud;
• Protocols to anticipate new identity theft tactics as the marketplace continues to evolve."

Well, this list isn’t definitive; notice the news release indicated the "work may cover" these areas. 

Some of the items in the list are also noble, but lofty, goals…particularly the last three listed.  However, it is good that these issues will be addressed by organizations that will hopefully have people involved with the project who are knowledgeable in information security, privacy and realistic business practices.

I’ll monitor activity and see where the initiative goes…hopefully it will be a vast improvement!

Technorati Tags
information security
IT compliance
privacy standards
corporate governance
awareness and training
identity theft
data protection standards
privacy

This entry was posted on Tuesday, June 27th, 2006 at 9:03 pm and is filed under Privacy and Compliance. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.