Posts Tagged ‘FCRA’

Legal Requirements for Information Security and Privacy Awareness and Training

Wednesday, March 30th, 2011

Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success”  (http://gocsi.com/Training2011/OD/Awareness), I received the following question: 

 Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma 

(more…)

FTC’s New Red Flags Rules FAQ

Thursday, June 11th, 2009

Today the US FTC released “Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies.”
Here are a couple important things to take away from this FAQ…

(more…)

FTC Fines Mortgage Co. For Tossing PII Into Dumpster: FACTA/FCRA, GLBA, & FTC Act Violations

Wednesday, December 26th, 2007

On December 17 the U.S. Federal Trade Commission (FTC) fined and penalized American United Mortgage Company for throwing the personally identifiable information (PII) and financial information of its customers and consumers into an open, publicly-accessible dumpster.
Under the terms of the penalty, American United Mortgage Company must:

(more…)

Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization

Friday, November 2nd, 2007

In addition to some great followup questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.

(more…)

Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization

Friday, November 2nd, 2007

In addition to some great followup questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.

(more…)

Employee Privacy & New Credit Check Law In Washington State Impacts Employers: Joins Similar Laws In 4 Other States

Friday, May 4th, 2007

Doing background checks on potential employees, and regularly for certain positions with significant access to personally identifiable information (PII) or managemen capabilities, has been a growing trend in recent years. Such checks are viewed as ways to help prevent putting untrustworthy and significant at-risk individuals into positions where they could perform malicious and/or criminal activities.

(more…)

Information Security: Laws Require Secure Disposal of Information in All Forms; Using BS 8470:2006 for Compliance

Friday, April 20th, 2007

Many information security incidents have occurred through non-technical means by simply and thoughtlessly throwing away printed documents into publicly-accessible trash bins, or even putting computers and sensitive documents out on the streets. I have blogged about this several times, such as here, here, and here.

(more…)

Over 100 FACTA Lawsuits Filed in California Against Businesses Printing PII on Receipts; Are You In Compliance With All FACTA Requirements?

Monday, March 19th, 2007

I read with interest an article in today’s issue of the BNA Privacy and Security Law Report about over 100 lawsuits that have recently been filed within the California federal courts because of the amount of personally identifiable information (PII) that is printed on credit and debit card receipts.

(more…)

Over 100 FACTA Lawsuits Filed in California Against Businesses Printing PII on Receipts; Are You In Compliance With All FACTA Requirements?

Monday, March 19th, 2007

I read with interest an article in today’s issue of the BNA Privacy and Security Law Report about over 100 lawsuits that have recently been filed within the California federal courts because of the amount of personally identifiable information (PII) that is printed on credit and debit card receipts.

(more…)

Privacy Breach: Johns Hopkins University Lost Personal Information on 135,000 Individuals

Sunday, February 11th, 2007

There now seem to be so many privacy breaches that it is hard to choose which one to discuss…
Last Wednesday, 2/7, Johns Hopkins University reported personal information on 135,000 employees and patients on nine backup tapes were missing that had been given to a contractor, Anacomp Co. Inc., to make microfiche backups.

(more…)