Workplace Requirements

The growing awareness of corporate vulnerability to information security incidents, and the damages that have ruined the lives of innocent victims, have the attention of federal and state regulators. If ANY business has a loss or breach of sensitive information, whether caused maliciously or by human error, enforcement agencies will take action.

Under the Federal Trade Commission Act, the FTC is empowered, among other things, to:

  • prevent unfair methods of competition, and unfair or deceptive acts or practices in or affecting commerce;
  • seek monetary redress and other relief for conduct injurious to consumers;
  • prescribe trade regulation rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices;
  • conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and
  • make reports and legislative recommendations to Congress.

Safe Harbor

There can be "safe harbor" for businesses that make a reasonable effort to safeguard confidential and sensitive information. This includes:

  • The designation of an Information Security Officer.
  • A risk assessment of material internal and external risks to the security of confidential and sensitive information.
  • The design and implementation of a written Information Security Policy.
  • Mandatory employee training on security policies.
  • The evaluation and adjustment of the program in light of the results of testing and ongoing monitoring of the program.
  • A plan for security incidents.