Do You Comply?

According to Betsy Broder of the FTC,

“We will act against businesses that fail to protect their data…” She understands that most small businesses cannot be expected to hire a full-time privacy specialist but adds that all businesses must be able to show they have a security plan in place. “We’re not looking for a perfect system. But we need to see that you’ve taken reasonable steps to protect your customers’ information.”

-“Stolen Lives”, ABA Journal, March 2006

Do you know the three major pieces of legislation affecting your company?

Fair and Accurate Credit Transactions Act (FACTA)
Applies to every business and individual that maintains, or otherwise possesses, consumer information derived from consumer reports for a business purpose.

HIPAA Security Rule
Applies to any organization or individual that retains or collects health information.

Gramm-Leach-Bliley Safeguards Rule
Applies to any organization that maintains personal financial information about its clients or customers.

Every business is affected by one or more of these pieces of legislation. These safeguard and security rules require businesses to take documented steps that demonstrate they are in compliance.

Not only will you face state and federal action for non-compliance, but according to “The Coming Pandemic” (CIO Magazine, Michael Freidenberg, May 15, 2006), “If you experience a security breach, 20 percent of your affected customer base will no longer do business with you, 40 percent will consider ending the relationship, and 5 percent will be hiring lawyers!”

Stop putting your business at risk for closure, major fines, litigation, and more.
To learn about what you can do to lower your company’s risk, contact:

Alvin Cooper III
Group Securities Specialist

The Basic FACTA

The FTC’s latest FACTA rule (the Disposal Rule) requires any business “that maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose” to “properly dispose of such information or compilation.” Both FACTA and the new rule are intended to reduce the incidence of identity theft by, among other methods, restricting the ability of thieves to go “dumpster diving” for valuable consumer information contained in discarded business records.

HIPAA Security Rule
General Rule Provisions
Section 164.306, the statement of the general rule, requires covered entities to:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information (EPHI) the covered entity creates, receives, maintains, or transmits;
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information;
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule; and
  • Ensure compliance by its workforce.

Gramm-Leach-Bliley Act

As of May 23, 2003, companies subject to the Gramm-Leach-Bliley Act (GLBA) are expected to comply with its Safeguards Rule. The law was passed in November 1999 and mandates that financial institutions (broadly defined, so that many businesses holding personal financial information are covered) protect the security and confidentiality of their customers’ private information. In practice this means identifying security risks and implementing safeguards so that customer data remains protected from would-be data thieves, hackers, and storage mishaps.
