Compliance Counts: Make sure you know about Identity Theft Protection Laws
It is no secret identity theft can have damaging affects on consumer lives and businesses alike. Consumer outcry this past decade demanding businesses protect their personal information (PI) has been the driving force behind formation of state and federal protection legislation.
Identity theft and privacy legislation should be viewed as a wakeup call for all businesses. When asked, at a Security Conference in San Francisco, how businesses are suppose to know of the existence of identity theft legislation Former Federal Trade Commission (FTC) Chairman Deborah Platt Majoras responded by saying “It is the responsibility of anyone in business to seek out information on applicable identity theft laws which require compliance.”
For the past decade, lawmakers have been crafting and amending identity theft legislation in direct response to the millions of victims filing complaints received at the FTC in addition to the growing list of businesses who have experienced networks hacks and data breaches.
Since 2008, attacks against small business have been on the rise. Simply said, any business collecting personal information (i.e., name, address, phone, banking info, SSN, driver license, email addresses etc.), is a target. Those collecting PI are in scope of compliance and must look to laws as guidance in protecting all sensitive information collected in the course of conducting business.
Oregon ID Theft Law
Oregon businesses should pay particular attention to the “Oregon Identity Theft Consumer Protection Act” as this requires certain business practices be in place which not only protects customers but full compliance also serves to protect businesses against fines, penalties, sanctions, civil lawsuits and mounting defensive legal bills.
Federal ID Theft Law
Another federal privacy law, “Red Flags Rule” went into effect November 1, 2008. After several years of debate coupled with lawsuits filed by healthcare and legal organizations, the FTC enforcement of this law finally went into affect January 1, 2011. Businesses in scope of compliance with Red Flags Rule are those who directly extend “credit” for purchases of goods and services to customers or businesses using 3rd party financing in conjunction with sharing collected PI with the credit bureaus.
Payment Card Industry Requires Compliance
If a business accepts bank cards for transactions or payments, that business also needs to be in full compliance with the payment card industry data security requirements known as “Payment Card Industry Data Security Standards” or “PCI DSS”. Failure to adhere to payment card compliance standards can also result in fines and penalties in addition to those issued by state and federal agencies.
IT Support & Security Compliance Myth
Many small business owners are under assumption and misconception the person or contract business tasked with managing their IT services have compliance requirements well under control. This cannot be further from reality. Truth is, it is rare the responsibility of compliance is even a function of services provided by anyone conducting IT support ¾ meaning most likely a small business not addressing compliance internally as part of its best practices is out of full compliance with state and federal privacy laws as well as payment card industry requirements.
To learn more about identity theft legislation and the impact on your business, Mercy Corps Northwest invites you to register for “How Identity Theft Laws Impact Your Business” to be held on Tuesday, May 17th
About the Presenter
Brenda Eaden has enjoyed a rich 20+ year background within the technology industry. Career emphasis has been in the area of sales management, marketing, development of education courses and computer security tools coupled with teaching and training.
Overseeing constant global research and working closely with state and federal policy makers have been key components in IDTELi’s ability to provide this country with its first formal cross-industry education courses on identity theft awareness and prevention.
As a subject matter expert on identity theft, Brenda is frequently sought out to speak on the topic of ID theft, laws and available Security Compliance Tools before television and organization audiences.