dit report per year from each of the 3 reporting agencies due to the proliferation of ID theft that has only gotten worse. Gramm, Leach, Bliley Safeguard Rule (fed legislation since 1999) the compliance deadline was in 2001 GLB, has a broad spectrum of qualifications, requirements and regulating parties. Eight agencies and the states are charged with managing and enforcing the regulations.

GLB applies to a broad range of businesses that collect the personal financial information of their clients! The two regulations of GLB are the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule addresses the collection and dissemination of customers’ information while the Safeguard rule governs the processes and controls an organization's uses to protect customers’ financial information.

The Safeguard Rule is enforced by the Federal Trade Commission. In addition to public embarrassment of non-compliance, organizations may be fined thousands of dollars a day while they are non-compliant.

GLB calls for businesses to:

1. Ensure the security and confidentiality of customer information;

2. Protect against any anticipated threats or hazards to the security or integrity of such information; and

3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

In a nutshell, it requires that regulated companies do the following:

Specify a person or group of people to be responsible for GLB compliance. Identify security risks involving customer information. Assess existing safeguards for protecting the privacy of customer information. Implement any additional safeguards that are needed. Monitor the effectiveness of safeguards. Ensure t

Due to the soaring cost to individuals and business of identity theft our state and Federal legislatures have passed some VERY stringent laws that apply to all businesses with one or more employees. Non compliance could cost business owners personally or their business up to $1million in fines and up to 10 years in prison. There is federal legislation as well as many state laws that require business owners to secure all personal information (social security numbers, driver's license numbers, credit card numbers, date of birth, etc.) of their clients and employees. 87% of business are not aware that these laws affect them or that they even exist. Non compliance could result in the closing of the business, fines, penalties, criminal and civil litigation and in fact Identity Theft issues are expected to be THE next hot class action target.

What is driving this crack down on business you may ask. Did you know that as of this year, 38 states have passed laws that require business owners to see a passport or Social Security card from each employee. The Social Security administration admits that we have 15,000,000 illegal aliens in the country but business experts put that number between 25,000,000 to 30,000,000. All of those people need social security numbers in order to be hired. For arguments sake, let's assume there are only 15,000,000 illegals. If each one of those folks paid just $10 in FICA withholding each week, $150,000,000 would be going to the Social Security Administration on a weekly basis. Given they are $4 TRILLION in the hole, they have NO incentive to let the actual owner of the Social Security number know that another 10, 20, 80 people are using that same Social Security number since they only have to pay out to the real owner. But the IRS is going to take a real interest when they see how much "you" earned at your 10, 20 or 80 different jobs and none of "you" did the proper withholding.

Disgruntled workers with access to the data files of their employer's clients or the other employees in the company, can make a lot of money selling little pieces of you. They can sell your Social Security number Identity for $100, they can sell your credit card info (financial identity)for $50-$100 per card, they can sell you medical insurance information for $60 and they can sell your driver's license identity for $150, which will have a negative impact on your character/criminal identity if they decide to rob a liquor store and get caught with "your" driver's license. Anyone who has been noticing, 2 of last year's Reader's Digest covers will already know the devastation caused by medical identity theft.

The government recently decided that the DMVs of each state needed to be able to recognize what the actual driver's licenses of all the other states looked like so that when a resident of Florida moves to California, the CA DMV can recognize a "real" Florida license. So the Feds made up a little book with the EXACT specifications on each state's driver's license. About a week after that book was distributed to each state's DMV it was already being sold on the internet. A new and very lucrative business has sprung up because of that book. All a criminal needs is a laptop computer, a printer, a laminator and that little book and they have themselves a prosperous criminal enterprise. The police can not tell the difference between the "real" license and the fake one. In fact they can't tell the difference between the "data base you" and the you who is looking at yourself in the mirror. The data base you has gone on a crime spree and given the police a copy of a driver's license with YOUR number and another address on it. You never get the notice to appear and they sure aren't going to show up at your trail, so a bench warrant goes out in your name and the next time you are stopped for some routine traffic violation, the real you is going to jail. How many times do the criminals say, "OK, you got me." Isn't the regular drill something like, "You've got the wrong guy. It wasn't me." Except this time it WAS the data based you. The second most prevalent form of identity theft reported to the Federal Trade Commission involves people committing crimes in another person's name. Imagine being the helpless victim of Character/Criminal Identity Theft.

Only one out of 700 criminals engaged in ID theft are caught. This is a crime wave with no end in sight and as more and more of employees fall victim, it will hurt the bottom line of their employer since the Federal Trade Commission says that on average, it takes 600 hours to restore your identity. That is 15 40 hour work weeks. Who has that kind of time? ALL the data leaks are coming from ignorance on the part of businesses or the government themselves. The Census Bureau is very proud that they have ONLY lost 1,200 lap top computers with millions of names and personal information on American citizens. So the government is clamping down HARD on businesses because they can't do a thing on the criminal front.

The National Institute of Standards and Technology (NIST) clearly identifies “unauthorized access” as a type of security breach that each business must address. That means each computer needs to be password protected and the password can't be put on a yellow sticky on the monitor. You need a clean desk policy at the end of each business day with ALL personal information locked up. ID theft crime rings have set up "janitorial" businesses that come in at night and copy client and employee data files, go through unlocked file cabinets and trash looking for personal info, employment applications etc. Confidence men (women) can take jobs as low level temporary office employees and steal the data bases with all the information of the businesses clients.

In "The Coming Pandemic" (5/15/06 article in Chief Information Officer magazine) the writer says, "If you experience a security breach, 20% of your affected customer base will no longer do business with you. 40% will consider ending their relationship, and 5% will be hiring lawyers!" The author also stated, "When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim." Here is an outline of the major laws that affect ID Theft and have led to absolute liability to businesses that have not secured their files.

ID Theft was finally recognized as a crime in 1998 when Congress passed the Identity Theft and Assumption Act and established the Federal Trade Commission as the lead agency to enforce and fine businesses for non compliance. The FTC says that each year since 1998 there has been twice as much ID theft reported than the year before and even though it is severely under reported it is estimated that as of July 2006 there have been over 88 million consumers affected by the reported breaches.

FACTA (Federal legislation in effect since June 2005) Grants additional rights to consumers and incorporates specific provisions designed to help victims of ID theft and fraud, mainly that they are entitled to one free credit report per year from each of the 3 reporting agencies due to the proliferation of ID theft that has only gotten worse. Gramm, Leach, Bliley Safeguard Rule (fed legislation since 1999) the compliance deadline was in 2001 GLB, has a broad spectrum of qualifications, requirements and regulating parties. Eight agencies and the states are charged with managing and enforcing the regulations.

GLB applies to a broad range of businesses that collect the personal financial information of their clients! The two regulations of GLB are the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule addresses the collection and dissemination of customers’ information while the Safeguard rule governs the processes and controls an organization's uses to protect customers’ financial information.

The Safeguard Rule is enforced by the Federal Trade Commission. In addition to public embarrassment of non-compliance, organizations may be fined thousands of dollars a day while they are non-compliant.

GLB calls for businesses to:

1. Ensure the security and confidentiality of customer information;

2. Protect against any anticipated threats or hazards to the security or integrity of such information; and

3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

In a nutshell, it requires that regulated companies do the following:

Specify a person or group of people to be responsible for GLB compliance. Identify security risks involving customer information. Assess existing safeguards for protecting the privacy of customer information. Implement any additional safeguards that are needed. Monitor the effectiveness of safeguards. Ensure th

RS is going to take a real interest when they see how much "you" earned at your 10, 20 or 80 different jobs and none of "you" did the proper withholding.

Disgruntled workers with access to the data files of their employer's clients or the other employees in the company, can make a lot of money selling little pieces of you. They can sell your Social Security number Identity for $100, they can sell your credit card info (financial identity)for $50-$100 per card, they can sell you medical insurance information for $60 and they can sell your driver's license identity for $150, which will have a negative impact on your character/criminal identity if they decide to rob a liquor store and get caught with "your" driver's license. Anyone who has been noticing, 2 of last year's Reader's Digest covers will already know the devastation caused by medical identity theft.

The government recently decided that the DMVs of each state needed to be able to recognize what the actual driver's licenses of all the other states looked like so that when a resident of Florida moves to California, the CA DMV can recognize a "real" Florida license. So the Feds made up a little book with the EXACT specifications on each state's driver's license. About a week after that book was distributed to each state's DMV it was already being sold on the internet. A new and very lucrative business has sprung up because of that book. All a criminal needs is a laptop computer, a printer, a laminator and that little book and they have themselves a prosperous criminal enterprise. The police can not tell the difference between the "real" license and the fake one. In fact they can't tell the difference between the "data base you" and the you who is looking at yourself in the mirror. The data base you has gone on a crime spree and given the police a copy of a driver's license with YOUR number and another address on it. You never get the notice to appear and they sure aren't going to show up at your trail, so a bench warrant goes out in your name and the next time you are stopped for some routine traffic violation, the real you is going to jail. How many times do the criminals say, "OK, you got me." Isn't the regular drill something like, "You've got the wrong guy. It wasn't me." Except this time it WAS the data based you. The second most prevalent form of identity theft reported to the Federal Trade Commission involves people committing crimes in another person's name. Imagine being the helpless victim of Character/Criminal Identity Theft.

Only one out of 700 criminals engaged in ID theft are caught. This is a crime wave with no end in sight and as more and more of employees fall victim, it will hurt the bottom line of their employer since the Federal Trade Commission says that on average, it takes 600 hours to restore your identity. That is 15 40 hour work weeks. Who has that kind of time? ALL the data leaks are coming from ignorance on the part of businesses or the government themselves. The Census Bureau is very proud that they have ONLY lost 1,200 lap top computers with millions of names and personal information on American citizens. So the government is clamping down HARD on businesses because they can't do a thing on the criminal front.

The National Institute of Standards and Technology (NIST) clearly identifies “unauthorized access” as a type of security breach that each business must address. That means each computer needs to be password protected and the password can't be put on a yellow sticky on the monitor. You need a clean desk policy at the end of each business day with ALL personal information locked up. ID theft crime rings have set up "janitorial" businesses that come in at night and copy client and employee data files, go through unlocked file cabinets and trash looking for personal info, employment applications etc. Confidence men (women) can take jobs as low level temporary office employees and steal the data bases with all the information of the businesses clients.

In "The Coming Pandemic" (5/15/06 article in Chief Information Officer magazine) the writer says, "If you experience a security breach, 20% of your affected customer base will no longer do business with you. 40% will consider ending their relationship, and 5% will be hiring lawyers!" The author also stated, "When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim." Here is an outline of the major laws that affect ID Theft and have led to absolute liability to businesses that have not secured their files.

ID Theft was finally recognized as a crime in 1998 when Congress passed the Identity Theft and Assumption Act and established the Federal Trade Commission as the lead agency to enforce and fine businesses for non compliance. The FTC says that each year since 1998 there has been twice as much ID theft reported than the year before and even though it is severely under reported it is estimated that as of July 2006 there have been over 88 million consumers affected by the reported breaches.

FACTA (Federal legislation in effect since June 2005) Grants additional rights to consumers and incorporates specific provisions designed to help victims of ID theft and fraud, mainly that they are entitled to one free credit report per year from each of the 3 reporting agencies due to the proliferation of ID theft that has only gotten worse. Gramm, Leach, Bliley Safeguard Rule (fed legislation since 1999) the compliance deadline was in 2001 GLB, has a broad spectrum of qualifications, requirements and regulating parties. Eight agencies and the states are charged with managing and enforcing the regulations.

GLB applies to a broad range of businesses that collect the personal financial information of their clients! The two regulations of GLB are the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule addresses the collection and dissemination of customers’ information while the Safeguard rule governs the processes and controls an organization's uses to protect customers’ financial information.

The Safeguard Rule is enforced by the Federal Trade Commission. In addition to public embarrassment of non-compliance, organizations may be fined thousands of dollars a day while they are non-compliant.

GLB calls for businesses to:

1. Ensure the security and confidentiality of customer information;

2. Protect against any anticipated threats or hazards to the security or integrity of such information; and

3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

In a nutshell, it requires that regulated companies do the following:

Specify a person or group of people to be responsible for GLB compliance. Identify security risks involving customer information. Assess existing safeguards for protecting the privacy of customer information. Implement any additional safeguards that are needed. Monitor the effectiveness of safeguards. Ensure t

se you has gone on a crime spree and given the police a copy of a driver's license with YOUR number and another address on it. You never get the notice to appear and they sure aren't going to show up at your trail, so a bench warrant goes out in your name and the next time you are stopped for some routine traffic violation, the real you is going to jail. How many times do the criminals say, "OK, you got me." Isn't the regular drill something like, "You've got the wrong guy. It wasn't me." Except this time it WAS the data based you. The second most prevalent form of identity theft reported to the Federal Trade Commission involves people committing crimes in another person's name. Imagine being the helpless victim of Character/Criminal Identity Theft.

Only one out of 700 criminals engaged in ID theft are caught. This is a crime wave with no end in sight and as more and more of employees fall victim, it will hurt the bottom line of their employer since the Federal Trade Commission says that on average, it takes 600 hours to restore your identity. That is 15 40 hour work weeks. Who has that kind of time? ALL the data leaks are coming from ignorance on the part of businesses or the government themselves. The Census Bureau is very proud that they have ONLY lost 1,200 lap top computers with millions of names and personal information on American citizens. So the government is clamping down HARD on businesses because they can't do a thing on the criminal front.

The National Institute of Standards and Technology (NIST) clearly identifies “unauthorized access” as a type of security breach that each business must address. That means each computer needs to be password protected and the password can't be put on a yellow sticky on the monitor. You need a clean desk policy at the end of each business day with ALL personal information locked up. ID theft crime rings have set up "janitorial" businesses that come in at night and copy client and employee data files, go through unlocked file cabinets and trash looking for personal info, employment applications etc. Confidence men (women) can take jobs as low level temporary office employees and steal the data bases with all the information of the businesses clients.

In "The Coming Pandemic" (5/15/06 article in Chief Information Officer magazine) the writer says, "If you experience a security breach, 20% of your affected customer base will no longer do business with you. 40% will consider ending their relationship, and 5% will be hiring lawyers!" The author also stated, "When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim." Here is an outline of the major laws that affect ID Theft and have led to absolute liability to businesses that have not secured their files.

ID Theft was finally recognized as a crime in 1998 when Congress passed the Identity Theft and Assumption Act and established the Federal Trade Commission as the lead agency to enforce and fine businesses for non compliance. The FTC says that each year since 1998 there has been twice as much ID theft reported than the year before and even though it is severely under reported it is estimated that as of July 2006 there have been over 88 million consumers affected by the reported breaches.

FACTA (Federal legislation in effect since June 2005) Grants additional rights to consumers and incorporates specific provisions designed to help victims of ID theft and fraud, mainly that they are entitled to one free credit report per year from each of the 3 reporting agencies due to the proliferation of ID theft that has only gotten worse. Gramm, Leach, Bliley Safeguard Rule (fed legislation since 1999) the compliance deadline was in 2001 GLB, has a broad spectrum of qualifications, requirements and regulating parties. Eight agencies and the states are charged with managing and enforcing the regulations.

GLB applies to a broad range of businesses that collect the personal financial information of their clients! The two regulations of GLB are the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule addresses the collection and dissemination of customers’ information while the Safeguard rule governs the processes and controls an organization's uses to protect customers’ financial information.

The Safeguard Rule is enforced by the Federal Trade Commission. In addition to public embarrassment of non-compliance, organizations may be fined thousands of dollars a day while they are non-compliant.

GLB calls for businesses to:

1. Ensure the security and confidentiality of customer information;

2. Protect against any anticipated threats or hazards to the security or integrity of such information; and

3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

In a nutshell, it requires that regulated companies do the following:

Specify a person or group of people to be responsible for GLB compliance. Identify security risks involving customer information. Assess existing safeguards for protecting the privacy of customer information. Implement any additional safeguards that are needed. Monitor the effectiveness of safeguards. Ensure t

n desk policy at the end of each business day with ALL personal information locked up. ID theft crime rings have set up "janitorial" businesses that come in at night and copy client and employee data files, go through unlocked file cabinets and trash looking for personal info, employment applications etc. Confidence men (women) can take jobs as low level temporary office employees and steal the data bases with all the information of the businesses clients.

In "The Coming Pandemic" (5/15/06 article in Chief Information Officer magazine) the writer says, "If you experience a security breach, 20% of your affected customer base will no longer do business with you. 40% will consider ending their relationship, and 5% will be hiring lawyers!" The author also stated, "When it comes to cleaning up this mess, companies on average spend 1,600 work hours per incident at a cost of $40,000 to $92,000 per victim." Here is an outline of the major laws that affect ID Theft and have led to absolute liability to businesses that have not secured their files.

ID Theft was finally recognized as a crime in 1998 when Congress passed the Identity Theft and Assumption Act and established the Federal Trade Commission as the lead agency to enforce and fine businesses for non compliance. The FTC says that each year since 1998 there has been twice as much ID theft reported than the year before and even though it is severely under reported it is estimated that as of July 2006 there have been over 88 million consumers affected by the reported breaches.

FACTA (Federal legislation in effect since June 2005) Grants additional rights to consumers and incorporates specific provisions designed to help victims of ID theft and fraud, mainly that they are entitled to one free credit report per year from each of the 3 reporting agencies due to the proliferation of ID theft that has only gotten worse. Gramm, Leach, Bliley Safeguard Rule (fed legislation since 1999) the compliance deadline was in 2001 GLB, has a broad spectrum of qualifications, requirements and regulating parties. Eight agencies and the states are charged with managing and enforcing the regulations.

GLB applies to a broad range of businesses that collect the personal financial information of their clients! The two regulations of GLB are the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule addresses the collection and dissemination of customers’ information while the Safeguard rule governs the processes and controls an organization's uses to protect customers’ financial information.

The Safeguard Rule is enforced by the Federal Trade Commission. In addition to public embarrassment of non-compliance, organizations may be fined thousands of dollars a day while they are non-compliant.

GLB calls for businesses to:

1. Ensure the security and confidentiality of customer information;

2. Protect against any anticipated threats or hazards to the security or integrity of such information; and

3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

In a nutshell, it requires that regulated companies do the following:

Specify a person or group of people to be responsible for GLB compliance. Identify security risks involving customer information. Assess existing safeguards for protecting the privacy of customer information. Implement any additional safeguards that are needed. Monitor the effectiveness of safeguards. Ensure t

dit report per year from each of the 3 reporting agencies due to the proliferation of ID theft that has only gotten worse. Gramm, Leach, Bliley Safeguard Rule (fed legislation since 1999) the compliance deadline was in 2001 GLB, has a broad spectrum of qualifications, requirements and regulating parties. Eight agencies and the states are charged with managing and enforcing the regulations.

GLB applies to a broad range of businesses that collect the personal financial information of their clients! The two regulations of GLB are the Financial Privacy Rule and the Safeguards Rule. The Financial Privacy Rule addresses the collection and dissemination of customers’ information while the Safeguard rule governs the processes and controls an organization's uses to protect customers’ financial information.

The Safeguard Rule is enforced by the Federal Trade Commission. In addition to public embarrassment of non-compliance, organizations may be fined thousands of dollars a day while they are non-compliant.

GLB calls for businesses to:

1. Ensure the security and confidentiality of customer information;

2. Protect against any anticipated threats or hazards to the security or integrity of such information; and

3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

In a nutshell, it requires that regulated companies do the following:

Specify a person or group of people to be responsible for GLB compliance. Identify security risks involving customer information. Assess existing safeguards for protecting the privacy of customer information. Implement any additional safeguards that are needed. Monitor the effectiveness of safeguards. Ensure that service providers are able to meet the GLB requirements. Upgrade the organization's security program as necessary due to changing circumstances.

California SB 1386, effective 7/1/03 Data Breach Notifications ANY business having even 1 customer in California requires a PUBLIC disclosure of computer security breaches when personal information of any California customer is compromised. This law subjects a company to civil and class action lawsuits by any injured customer.

Betty Broder, who is the assistant director of the FTC's Division of Privacy and Identity Protection says, "You don't have to have a perfect plan, but you MUST have a written plan describing how customer and employee data will be protected and an officer on staff responsible for implementing that plan. We need to see that you've taken reasonable steps to protect your customer's info." (quote taken from American Bar Association 3/06 story, "Stolen Lives")

The 1/19/06 edition of Business and Legal Reports says, "One solution that provides an affirmative defense against potential fines, fees, and lawsuits is to offer some sort of identity theft protection as an employee benefit. An employer can choose whether or not to pay for this benefit. The key is to make the protection available, and have a mandatory employee meeting on identity theft and the protection you are making available, similar to what most employers do for health insurance..."

By having a mandatory meeting the employees finally understand their responsibilities to protect the sensitive data of your client's business. This may be overwhelming BUT with a little help a business can develop an affirmative defense. Free federal compliance training is available for businesses who understand the importance of mitigating their damages and providing an affirmative defense. Please contact the author for more information about the free training.