
FTC Getting Serious About Identity Theft Safeguards

Fines Up to $3,500 for Failure to Draft IT Security Plans

New FTC rules require written plans for data protection. The new Safeguards Rule from the FTC requires an expanded list of businesses and organizations to submit data security plans.

ADDITIONAL LINKS:

  • FACTA rule for disposal of sensitive consumer data.
  • The Sarbanes-Oxley Act
  • The Gramm-Leach-Bliley Act
  • HIPAA privacy rule summary
  • NIST Special Publication 800-88 media sanitization guidelines
  • Search all government regulations
Following a decade of state and federal data security legislation activity, the executive branch now appears poised to start enforcing those laws. Beginning August 1, the Federal Trade Commission will require businesses, non-profits and other organizations to draft written identity theft preparedness policies. The Safeguards Rule requires all affected organizations to design, implement and maintain safeguards to protect customer information.

The rule is intended to detail the systemic procedures put in place to prevent breaches and theft of private electronic data. The plans pertain to the entire data life cycle, including data in motion, data at rest and end-of-life scenarios. The new rules apply to businesses that collect and store sensitive personal information, including names, addresses, Social Security numbers, bank-account and credit-card numbers, etc. Covered by the new rules are retailers, financial institutions, credit card issuers, educational institutions, medical facilities, government agencies and trade associations.

Authorized under the Fair and Accurate Credit Transactions Act, the new “Red Flag” rules apply to a broader range of businesses than previously targeted. They authorize fines of up to $3,500 per incident.

The Gramm-Leach-Bliley Act grants authority to eight federal agencies and individual states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to “financial institutions,” which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities. Such non-traditional “financial institutions” are regulated by the FTC.

For an in-depth treatment of end-of-life PC / hard drive sanitization practices, please visit this link.