JENNIFER RICH PITTMAN News • Innovation • Stories of a Community

JOURNALIST • EDITOR • DIGITAL STORYTELLING

New rule would require businesses, state agencies to do more about data breaches

Santa Cruz Sentinel

As many as 9 million Americans have their identities stolen each year, according to the Federal Trade Commission, which is pressing businesses to step up their levels of data oversight under a new red flags rule that is under consideration.

The rule would require financial institutions and creditors subject to enforcement by the agency to develop and implement written identity theft prevention programs. Companies have been asked to help identify, detect and respond to patterns, practices or specific activities — known as “red flags.”

Additional employee training, reporting and notification laws are in effect and fines and penalties are onerous, said Alan Smith, a Scotts Valley business consultant who works with businesses in the area of data security.

“There are a ton of laws right now forcing businesses to be the prevention arm,” Smith said.

In 2003, California became the first state to enact a data breach notification law, which requires companies and state government agencies to notify individuals when their personal information has been compromised. A new bill, introduced by Sen. Joe Simitian, D-Palo Alto, was passed by the California Senate in April. It updates the existing law by requiring that notification letters contain specifics about the data-loss incident, including the type of personal information exposed, a description of the incident and advice on steps to take to protect oneself from identity theft. Simitian calls it “the logical next step.”

“No one likes to get the news that personal information about them has been stolen,” said Simitian in a prepared statement. “But when it happens, people are entitled to get the information they need to decide what to do next.”

At least 347 million sensitive records have been compromised nationwide since 2005, according to Privacy Rights Clearinghouse, a nonprofit consumer education and advocacy group. Twenty-eight percent of the people getting data breach notification letters don’t understand the potential consequences of the incident even after reading the letter, according to a survey by the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley.

For information about the red flag rule, visit http://www.ftc.gov/redflagsrule

This article first appeared here.


This entry was posted on July 18, 2010 in Business, Technology.
