O'Reilly logo

Preventing Identity Theft in Your Business by Judith M. Collins

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 5LEGAL REQUIREMENTS FOR BUSINESSES

Businesses are required under several federal laws to develop, implement, and document evidence for “information security programs,” or they risk being fined. But problems with the laws are innumerable: they are too broad and too flexible; they fail to cover “people” within businesses who are given access to personal information; and they do not concern the “work processes” the people perform, such as financial transactions using applications containing personal information. Moreover, the laws do not state how to develop the specified information security program and, except for expecting information technology (IT) to secure computers and networks, the laws do not provide uniform security standards.

This failure to require security standards is particularly problematic because, as discussed in Chapter 4, personal information is widely disseminated worldwide. Databases of information distributed around the world to second, third, and other parties are under no one’s control and therefore are uncontrollable. Surprisingly, of the many laws enacted to prevent identity theft, not one contains provisions that actually would secure identities.

MANY LAWS

Five federal laws require information security, including the Fair Credit Reporting Act (FCRA), the Privacy Rule of the Federal Trade Commission (FTC), the Banking Guidelines, the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Safeguards Rule (GLB ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required