Tag Archives | identity theft

Organization Launches Stolen Data Reporting Service

The National Cyber-Forensics and Training Alliance (NCFTA) has launched a service called Internet Fraud Alert, which aims to act as a central location for researchers to report stolen data that they may find online. Microsoft developed the backend of the website, and then donated it to the NCFTA. While companies often perform internal investigations, it is common to find data that is actually stolen from another company. Until now, there was no way to share these findings easily.

Several companies including Microsoft, eBay, Paypal, Citizens Bank, and Accuity have partnered to offer support, and the service also has the blessing of the American Bankers Association, the Anti-Phishing Working Group, as well as the Federal Trade Commission. Approved organizations will be able to begin submitting found data immediately.

No comments

Identity Theft Protections Put Off Until Tomorrow–Again

Measures that would protect consumers from identity theft have been delayed, because many businesses are not compliant yet with federal regulations. Fortunately, there are solutions to help them protect your privacy.

In 2007, the United States Federal Trade Commission issued its final rules on identity theft “red flags” and address discrepancies. Fast forward to today, and the implementation of those rules has been delayed for a second time until August 1st.

The rules are intended to protect consumers from identity threat by governing how businesses that deal with credit handle financial information. Industries affected by the rules include healthcare providers (doctors, hospitals), utilities (gas, electric, telephone, cable TV, etc.), auto (car, motorcycle, RV dealerships), real estate (brokers, lenders), banks and credit unions and more, according to Compliance Coach, a company that sells risk assessment software.

It was an e-mail pitch from Compliance Coach about the delay that inspired me to write this article. The delay has occurred due in part to the fact that many businesses are not yet compliant with the rules or are unaware that they applies to them, the company says. It’s onto something.

A few weeks ago, I had a conversation with Peter Coffee, director of platform research at Salesforce.com. Peter said that it would be okay for me to disclose that a significant portion of IT professionals (not all of who were Salesforce customers), surveyed in third party research that it uses internally, understand that they are not compliant with existing laws and legal rulings that affect IT operations.

He noted in a follow-up e-mail that the research he discussed is not a statement of the legal opinions of the company’s corporate counsel, nor is it a formal statement of the assurances provided by the team that is headed by its chief trust officer.

Salesforce needs to think hard about compliance, because its customers are forced to tackle issues around data when they use its services. The cloud computing model that Salesforce pioneered–where data is hosted by a third party on remote servers–forces companies to build applications that abide by regulations that govern data, such as who can access it, and where it can exist.

Today’s delay is yet another example of how traditional IT has trouble keeping pace with cloud services. It is simply too difficult for many businesses to build the systems that they need to be compliant.

Cloud services can help organizations with limited IT resources meet today’s standards for business processes and data, because cloud providers must meet those considerations as part of their business model. The easier that is for businesses to be compliant, the safer your personal information becomes. Now let’s just hope that the FTC’s new protections go into effect with no further delays.

6 comments