The Agency Insider with Linda McGlasson

The Golden Rule of Information Protection and ID Theft Red Flags Compliance

The Golden Rule of Information Protection and ID Theft Red Flags Compliance

As institutions look at their calendars and see that November 1 compliance deadline looming, it's time to realize that this isn't just another regulation. The ID Theft Red Flags Rule is about stopping identity theft from happening to your customers.

When I hear information security professionals say they're overwhelmed with the amount of work that is having to be done to comply with such regulatory requirements, I think of what my grandmother always used to tell us when we grandkids were squabbling over something or tormenting our siblings - "Treat others as you would like to be treated; that's the Golden Rule."

I want to tell those security professionals whining out there that it is hard work to protect all that personally identifiable information (PII) at their institution - think how you'd want your PII protected?

This should be the Golden Rule of Information Protection and what makes it personal to you when it comes to meeting ID Theft Red Flags compliance. How would you feel if your customer account information was taken? What if the institution you did your banking at didn't fully implement an ID Theft Prevention Program, and your information along with other customers was taken and used for identity theft? Wouldn't you expect that your banking institution would take the most stringent measures in authenticating you are really you and not somebody who is pretending to be you? See the 26 Red Flags and put yourself in each scenario and think what you would lose if it happened to you.

Think how you'd feel if your savings account was drained and you had to explain to angry retailers or credit card companies that the thousands of dollars charged on a credit card with your name on it were not made by you, but a criminal who has stolen your identity.

Face it -- your institution may be considered ground zero for an identity thief. If you think that your institution and the rest of the financial services industry is getting the fuzzy end of the lollipop, take a look at what other entities are doing as part of the marching orders that came from The President's Identity Theft Task Force Report. Just skim through this 70-page report and you'll see that your institution isn't the only entity doing significant work in combating this heinous, life destroying and highly personal crime.

And yes, I've heard other institutions that aren't state-chartered credit unions call for a push-back of their compliance date. (For those of you who missed last week's news, the FTC pushed back the enforcement date for state-chartered credit unions until May 1, 2009.) Read between the lines -- that doesn't mean those state-chartered credit unions won't be liable, just that the FTC won't enforce the rule. If identity theft occurs at a state-chartered credit union beginning November 1, they would be liable and answerable to the FTC.

For the rest in the banking world, there are only a few days left until the November 1 compliance date rolls around, and if you're not ready to meet your examiner with a program, I hope my pep talk gets you back on track to meet and pass a regulator's examination. Remember to think it's your information you're protecting, and apply the Golden Rule of Information Protection.



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.