Posts Tagged ‘FTC’

Despite 45+ U.S. Federal and State Laws, SSNs Still Widely Misused & Breached…Why?

Wednesday, August 20th, 2008

It amazes me how many news articles are frequently reported that are related to the misuse or breach of social security numbers (SSN). Today just a few the stories that popped up included:


New Website Seal For Companies Participating In The EU Safe Harbor Program

Sunday, August 3rd, 2008

Something I’ve been spending a lot of work on this summer is creating management tools to help information security and privacy practitioners do their jobs more effectively and efficiently. In the past three months I’ve had over a dozen CISOs and CPOs call me and ask if I had specific types of tools to help them with their information security, privacy and compliance efforts and iniatives. One of the tools will help them with managing their programs and processes for, along with the many complex issues involved with, transferring personally identifiable information (PII) with any of the 27 European Union (EU) contries to the U.S. and other countries. One of the areas involved with tackling this issue is whether or not to participate in the Safe Harbor program.
So, I was very interested to read that the U.S. Commerce Department announced a new certification mark/seal for organizations to put on their websites to show that they have self-certified compliance with the Safe Harbor Framework requirements.


Free Info Sec & Privacy Training Hosted By The FTC and COPP

Thursday, July 31st, 2008

If you’re in the Los Angeles area on August 13, here’s what looks to be a good, FREE, day of getting information security and privacy training hosted by the U.S. Federal Trade Commission (FTC) and the California Office of Privacy Protection (COPP).
If you are a company with no dedicated information security or privacy position, like most small and medium sized businesses (SMBs), then go to this event to hear WHY you need to make efforts to safeguard your customers’ and employees’ personally identifiable information (PII). Hey, if you’re in the area, it’ll only cost your time!
Here’s the full announcement…


15 Actions/Penalties Brought By FTC Under GLBA + FTC Act

Monday, July 7th, 2008

The FTC has long provided a great role model for other government oversight and enforcement agencies with regard to their activities in ensuring organizations follow data protection laws and also ensure organizations actually fulfill the promises they make within their published information security and privacy policies. It is too bad most of the other government agencies are not as diligent or nearly as effective in helping to ensure organizations sufficiently protect personally identifiable information (PII).
While doing some research today I compiled a list of the actions the FTC has taken, which I thought may be useful to some of you as well…


Do Your Terms Of Use Try To Gut Your Privacy Policy Promises?

Sunday, May 18th, 2008

I see a growing trend in organizations trying to gut the promises made in their website privacy policies through sneaky wording they place in their rarely read “Terms of Use” statements.
Over the past few months I have heard from some CISOs and CPOs who are concerned at some of the wording that their legal counsels are suggesting they put on their web sites. And rightly so. Why? Because the considered “Terms of Use” statements seem to be, 1) trying to eliminate all liability to the organization for anything bad that happens to the personally identifiable information (PII) submitted to or accessed from the site; 2) basically nullifying the posted privacy policy; and 3) trying to require the website user to agree to these terms just by using the site…no active acknowledgment or agreement necessary.
Here is a composite from around half of a dozen of these worrisome passages from the considered drafted Terms of Use statements that I’ve seen…


CAN-SPAM: Record Judgment Along With Updated Rules

Thursday, May 15th, 2008

I was at the Secure360 conference (a fabulous event, btw) this week, and I’m just getting to an important current topic: CAN-SPAM.
On Monday (5/12) the FTC announced an update to the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) law.


Did You Know This Was National Consumer Protection Week?

Tuesday, March 4th, 2008

Here’s another event related to compliance, information security and privacy to put on your calendar…
This is National Consumer Protection Week (NCPW) in the U.S.


Have You Reviewed the FTC’s Proposed Privacy Principles Yet?

Monday, February 25th, 2008

If you are responsible for information security or privacy at your organization, and your organization does marketing, here is something you need to know about and discuss with your marketing folks. I blogged about this in December.


Have You Looked In Your Trash Bins Lately?

Monday, February 18th, 2008

It shouldn’t still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some other easily reachable public location.
Here’s yet another example of a business throwing away people’s privacy in their trash dumpster…


Identity Theft #1 Consumer Fraud Complaint To FTC in 2007

Friday, February 15th, 2008

This week the FTC released the list of the top 20 consumer fraud complaints they received in 2007.
Not surprisingly, identity theft topped their list, accounting for 32% of all the complaints.