PROTECTION OF CUSTOMER INFORMATION
In 1999 President Clinton signed into law the Gramm-Leach-Bliley Act. That Act authorized the Federal Trade Commission to regulate the disclosure of nonpublic personal information of customers. The Federal Trade Commission has now promulgated final rules that go into effect on August 1, 2009 for the protection of nonpublic personal information of customers. The FTC announced July 29, 2009 that they would delay enforcement until November 1, 2009. This act applies to any entity that regularly extends, renews or continues credit. Creditors include employers and businesses that provide services and bill later, including many professionals. In short, if you acquire nonpublic personal information from customers you are probably going to have to comply with these regulations. Accepting credit cards as a form of payment does not in and of itself make an entity a creditor.
Under the Commissions new “Red Flags Rules” you must develop a written program that identifies and detects the relevant warning signs (red flags) of identity theft. These may include unusual account activity, fraud alerts on a consumer report or attempted use of suspicious account application documents.
The program must describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Board of Directors or senior employees of the company, include appropriate staff training and provide for oversight of any providers of credit information that you use in the business.
Disposal of information contained in consumer reports or information derived from consumer reports is now also regulated by the FTC. Reports that businesses or individuals receive with information relating to employment background, check writing history, insurance claims, residential or tenant history or medical history are consumer reports. The FTC Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to or the use of information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to burn, pulverize or shred papers containing consumer report information so that the information cannot be read or reconstructed; destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed; conduct due diligence and hire a document destruction contract to dispose of material specifically identified as consumer report information.
By Bruce W. Shand, guest writer
Bruce's practice focuses on estate planning and tax related issues. He can be contacted at bwshand@earthlink.net.
Under the Commissions new “Red Flags Rules” you must develop a written program that identifies and detects the relevant warning signs (red flags) of identity theft. These may include unusual account activity, fraud alerts on a consumer report or attempted use of suspicious account application documents.
The program must describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Board of Directors or senior employees of the company, include appropriate staff training and provide for oversight of any providers of credit information that you use in the business.
Disposal of information contained in consumer reports or information derived from consumer reports is now also regulated by the FTC. Reports that businesses or individuals receive with information relating to employment background, check writing history, insurance claims, residential or tenant history or medical history are consumer reports. The FTC Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to or the use of information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to burn, pulverize or shred papers containing consumer report information so that the information cannot be read or reconstructed; destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed; conduct due diligence and hire a document destruction contract to dispose of material specifically identified as consumer report information.
By Bruce W. Shand, guest writer
Bruce's practice focuses on estate planning and tax related issues. He can be contacted at bwshand@earthlink.net.
posted by Randy B. Birch @ 3:21 PM
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home