Re: Big Data Request for Information

Size: px
Start display at page:

Download "Re: Big Data Request for Information"

Transcription

1 March 31, 2014 Attn: Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 1650 Pennsylvania Avenue NW Washington, D.C Ladies and Gentlemen: Re: Big Data Request for Information The Financial Services Roundtable ( FSR ) 1 is pleased to respond to the government s request for information concerning the collection, analysis and use of big data published in the Federal Register on March 4, 2014 (the RFI ) by the Office of Science and Technology Policy (the Office ). Background and Overview On January 17, 2014, President Obama called for a comprehensive review of how big data, defined in the RFI as datasets so large, diverse, and/or complex, that conventional technologies cannot adequately capture, store, or analyze them, will affect the everyday lives of Americans. The Office issued the RFI to facilitate that review and requested voluntary responses from both the public and private sector. The RFI poses five questions aimed at gathering responses on the implications of collecting, analyzing and using big data for privacy, the economy and public policy, with a focus on how 1 As advocates for a strong financial future, FSR represents 100 integrated financial services companies providing banking, insurance, and investment products and services to the American consumer. Member companies participate through the Chief Executive Officer and other senior executives nominated by the CEO. FSR member companies provide fuel for America s economic engine, accounting directly for $98.4 trillion in managed assets, $1.1 trillion in revenue, and 2.4 million jobs. 1

2 technological advances and broadening uses of such data can be maximized while minimizing the risks to privacy. FSR and its members are strongly committed to protecting the privacy of Americans. We share the Office s view that big data can be used to spur innovation and maximize the opportunities and free flow of this information, but that consumers must be provided with meaningful protections to ensure the privacy and security of data about them, including personal information. Our response to the RFI addresses this balance of interests, first, by providing an overview of the many ways in which financial institutions currently use certain data about their consumers to provide financial services (i.e., from enhancing fraud prevention to complying with anti-money laundering regulations); and second, by summarizing the primary federal statutes and regulations and industry guidelines already in place governing how financial institutions collect, use, share and secure information about consumers. This response follows on the heels of the March 27, 2013 meeting at the White House between representatives from the financial services industry and Administration officials. At that meeting, BITS (the technology policy division of FSR) and other financial services executives emphasized to Administration officials the importance of data analytics for the purposes of fraud reduction and cybersecurity, and discussed other direct and indirect benefits to consumers. There is no question that increased access to big data not only will combat fraud and improve security, but also will provide new insights and opportunities to improve financial products and customer relationships. We welcome the Office s efforts to undertake a review of big data. We note, however, that the concept of big data is an evolving one, and therefore, any questions, policies or frameworks that may be developed to address it should be formulated in ways that do not unnecessarily stymie its possible beneficial effects on society, individuals and the economy. Big data and enhanced data analytics, in general, can be used to strengthen national security, drive effective marketing, improve health care, enable a cleaner environment, and build safer cities. To the extent there are concerns about big data whether it is the creepiness factor or that it may lead to profiling or discrimination the financial services industry is vigilant about these concerns and operates not only in strict compliance with existing privacy and data security laws and regulations, but also works with BITS and other industry organizations to continually develop best practices for the industry. We appreciate this opportunity to share our industry s experiences and expertise with the Office and look forward to being part of the government s continuing dialogue about big data in the future. 2

3 Overview of Uses of Consumer Data In general, financial institutions collect, analyze and use data about consumers to provide better, more secure financial products to them. The data that is reviewed is not necessarily big data, as defined in the RFI, but as big data becomes easier to access and manage, it undoubtedly will be used for the same purposes. An overview of some of the key ways in which consumer data is used today is provided below. To Improve Access to Financial Products Consumers today require quick access to banks, credit, and other financial services. In order to make rapid, reliable, and appropriate decisions about credit, insurance, and other consumer loans, financial institutions need to have ready access to a range of information about consumers. This information provides two downstream effects: first, it reduces the cost of financial services, and second, it increases the availability of those services. Banks are able to reduce costs by pooling consumer loans (securitization), practical only when accurate consumer information is available. Credit is provided based on historical consumer data including credit (FICO) scores, and is already highly regulated by the Fair Credit Reporting Act. As more consumer data becomes available in the future (e.g., in the form of big data ), banks may be able to better gauge the creditworthiness of consumers, including those who have not yet established credit, by reviewing a broader array of relevant data and not relying solely on FICO scores. The data also may be used to create new financial products personalized to the consumer. In short, by using enhanced analytics, financial institutions will be able to better define and service their customers. Enhancing Fraud Prevention and Customer Service The ability of financial institutions to use big data to detect and prevent fraudulent activity saves billions of dollars each year for consumers and for financial institutions. In 2010, 73% of banks reported losses from check fraud, totaling around $893 million, but attempted check fraud amounted to around $11 billion. 2 Banks are estimated to have prevented around $13 billion in fraudulent transactions that would have affected consumers in 2012, in no small part because they have been able to use consumer data to spot these transactions early on. 3 2 Association for Financial Professionals, 2013 AFP Payments Fraud and Control Survey, available at 3 American Bankers Association, Banks Stop $13 Billion in Fraud Attempts in 2012, available at 3

4 Financial institutions generally bear the burden of fraudulent transactions: they refund consumers and retailers affected by the fraud. To stem these losses and protect their consumers, they rely heavily on access to consumer transaction histories which allow them to detect and prevent fraudulent activity. By sharing consumer data with affiliates, they also are able to deter broader fraudulent activity across affiliate accounts. Access to consumer data also allows financial institutions to provide better, more responsive customer service, including across affiliates. This can include not only helping customers when they have problems with their accounts, but also offering targeted or bundled services to customers with particular needs. Compliance Financial institutions are subject to anti-money laundering regulations and other laws that require mandatory reporting of suspicious transactions. In particular, banks are required to notify the government of high-value currency transactions and similar suspicious activity. Access to consumer data can efficiently limit the occurrence of false positives when a bank checks suspicious names against a sanctions list. In addition, by responsibly monitoring customer activity over time, banks also can improve the accuracy of their reporting to the government. Marketing Financial institutions also use consumer data to identify the needs of their customers and ensure more relevant advertisements are reaching those customers. Targeted marketing can reduce unwanted or duplicative advertising, and engage consumers more efficiently. Consumers have the ability to control whether to receive such advertising by opting out of receiving s, phone calls and direct mail solicitations. Technological Trends in the Collection and Use of Big Data (Question 3) Financial institutions collect consumer data directly from the consumer, from affiliates and from non-affiliates with notice to the consumer through a variety of traditional methods, including through the institution s website, at branches or other physical locations, and by phone. Due to technological advances, the types of information they are able to collect and the means by which they can collect it have expanded in recent years, as detailed below. The collected data, in turn, is used to provide better financial products and to improve customer relationships. Mobile Applications and Social Media Today virtually every major financial services institution offers mobile applications (e.g., a mobile banking application), which offer convenience and accessibility to users. Mobile applications present a new opportunity to improve communication between customers and financial institutions, permitting more real time 4

5 interactions like balance notifications, potential fraudulent activity alerts, and other up-tothe-minute information. They also offer consumers a portable means of accessing their financial data. Data collected from mobile applications can include personal information, financial information and location data. Mobile privacy has received significant attention in recent years. The Federal Trade Commission (the FTC ) and California s Attorney General issued mobile privacy guidelines in 2013 to address the unique privacy concerns raised by mobile applications, including the collection of location data. Those guidelines serve as guide posts for the financial services and other industries. Financial institutions also are increasingly engaging with consumers through social media platforms for marketing purposes, but social media is not a primary source for consumer information. Location Data and Biometrics The kinds of personal information available to financial institutions have expanded in recent years. A primary example is consumer location data, which is used to provide customer services (e.g., to identify the location of nearby ATMs through a mobile banking app) and to detect possible fraud (e.g., to verify transactions based on the location of the consumer). Fingerprint recognition technology is also being used by banks in countries like Brazil to secure transactions and protect customers against fraud. However, further research and consideration of the associated privacy and security risks will be required before biometrics are adopted by the U.S. financial services industry in any meaningful way. Online Behavioral Advertising For marketing purposes, financial institutions today engage in some level of online behavioral advertising ( OBA ). OBA basically is advertising targeted to consumers based on their prior actions online. In the financial services context, OBA primarily takes the form of retargeting advertisements: consumers are shown ads for products or services they previously viewed online. Retargeting provides consumers with more relevant and useful advertising based on expressed needs, and can decrease the amount of unwanted and unnecessary advertising consumers see or receive. Many financial institutions are members of the Digital Advertising Alliance (DAA) s self-regulating program, which requires enhanced transparency and optimizes consumer choice with respect to OBA. The program allows consumers to opt out of their data being used for OBA by clicking on the ad choices icon, a universal symbol found near advertisements or on Internet pages where data is collected for OBA purposes. 5

6 Existing Privacy Laws Governing the Financial Services Sector (Questions 1, 3, and 5) As noted above, banks and other financial institutions necessarily collect, analyze and use a significant amount of consumer information in the ordinary course of business. For that reason, in addition to privacy regulations applicable to all industries (e.g., Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices in or affecting commerce, and similar state laws), the financial services sector has long been subject to a set of specific federal and state laws that regulate how personal information may be collected, used, shared and secured by financial institutions. Importantly, the laws are in place to protect the consumer and seek to accomplish this primarily through transparency and notice. Under the existing legal framework, financial institutions have affirmative disclosure obligations to ensure that consumers are aware of the types of information that are being collected and how that data may be used or shared by financial institutions. Consumers are also provided with meaningful choice as to how that data may be used or shared by affiliated or unaffiliated entities (e.g., through opt-out notices). Financial institutions also provide customers with the option to limit , telephone and direct mail solicitations. The federal laws are reinforced by various U.S. state law requirements as well as industry best practices. Nearly all states have enacted laws that regulate the collection and use of consumer credit and financial data as well as laws requiring data breach notification. And some states, like California, afford even greater privacy protections to the financial information of consumers. Through its partnership with organizations like BITS, the financial services industry also has developed and implemented data security best practices. Together, these laws and standards establish a comprehensive framework for maintaining the highest standards of protection and privacy for consumer data. The Gramm-Leach-Bliley Financial Modernization Act of 1999 ( GLBA ) 4 The GLBA is the primary law governing the privacy of consumer financial information. First, financial institutions covered by the GLBA are required to adopt privacy policies and make their information-sharing practices transparent to customers in annual privacy notices. The privacy policy must plainly inform consumers and customers of what information is collected, identify with whom the information will be shared, and describe how that information will be protected. Second, the GLBA generally prohibits financial institutions from sharing nonpublic and personally identifiable financial information with unaffiliated third parties, unless the customer receives notice and opportunity to opt-out. Lastly, the GLBA requires financial institutions to develop, implement 4 15 U.S.C et seq. 6

7 and maintain a comprehensive information security program designed to safeguard customer data. The Fair Credit Reporting Act of 1970 ( FCRA ) 5 The FCRA regulates the practices of consumer reporting agencies that compile consumer information used by companies, including financial institutions, to make credit, employment, or insurance decisions affecting consumers. The FCRA also regulates the users of that consumer report information. Financial institutions may only use consumer report information for the purposes specified in the statute. Depending on the proposed use of the information, certain disclosures are required either before obtaining this information, in connection with using the information to take adverse action, or both. Consumers may opt out of the sharing of certain information between affiliates. And in the marketing context, there are rules about pre-screened offers for credit or insurance, restrictions on the sharing of information between affiliates for marketing purposes, and mechanisms for consumer choice. The Fair and Accurate Credit Transactions Act of 2003 ( FACTA ) 6 FACTA, which substantially amended the FCRA, enhanced consumer protections by requiring federal agencies to adopt affiliate marketing, disposal, and identity theft red flag rules. The affiliate marketing provisions of FACTA generally prohibit companies from using consumer information received by an affiliate to make marketing solicitations, unless the consumer is provided with clear and conspicuous notice and the opportunity to opt out. Importantly, the rules apply to information that is otherwise excluded from the scope of consumer report information under the FCRA. The Disposal Rule protects against unauthorized access or use of consumer information and obligates companies to securely dispose of information in consumer reports. Financial institutions must incorporate disposal practices into the information security program required by the GLBA Safeguards Rule. Finally, under the Identity Theft Red Flag Rule, financial institutions and creditors that hold any consumer account for which there is a reasonably foreseeable risk of identity theft must implement programs designed to detect, prevent, and mitigate these risks U.S.C et seq. 6 Pub. L. No , 117 Stat (Dec. 4, 2003). 7

8 The California Financial Information Privacy Act ("SB1") 7 California state privacy laws are widely considered the most comprehensive and stringent of the state financial privacy laws. SB1 imposes obligations on financial institutions operating in its jurisdiction that are stricter than those provided for under federal law. Namely, SB1 defines identifiable information more broadly than federal law, requires opt-in as opposed to opt-out consent under certain circumstances and contains stricter limitations on the sharing of covered information with affiliates. For example, affirmative opt-in consent is required under California law before financial institutions may share covered information with nonaffiliated third parties. An opt-out opportunity must also be provided to consumers before financial institutions share covered information with affiliates in different lines of business. BITS Cybersecurity and Fraud Reduction Best Practices As the technology policy division of FSR, BITS addresses issues at the intersection of financial services, technology and public policy, where industry cooperation serves the public good, such as cybersecurity, critical infrastructure protection, fraud prevention, and the safety of financial services and its consumers. BITS, which was formed in 1996, works with subject matter experts from within its 100 member companies in each of the areas noted to develop best practices related to safe and sound computing, the protection of consumer information and protection of its members and their consumers from cyber attacks and fraud schemes. (See more at: Federal Financial Institutions Examination Council ( FFIEC ) Guidance The Federal Financial Institutions Examination Council, or FFIEC, is a government organization that works to promote uniform supervision of financial institutions. The FFIEC has issued a number of data security guidance documents, including standards for authentication that recommend the use of multi-factor identification or other means of identifying consumers (including biometric templates) to increase security and prevent unauthorized access. 8 The FFIEC guidance statements represent evolving best practices and are another helpful mechanism for ensuring the application of uniform, sufficient controls for safeguarding consumer data in a rapidly changing landscape. 7 Cal. Fin. Code FFIEC, Security Controls Implementation: Authentication, available at 8

9 The Financial Services Information Sharing & Analysis Center ( FS-ISAC ) Data Security Standards 9 Conclusion Another key component critical to safeguarding sensitive consumer information held by financial institutions is collaboration and information sharing among industry members and between industry and the government. To that end, FS- ISAC was formed in 1999 to facilitate partnership between the public and private sectors working to defend the nation s critical infrastructures from cyber threats. There are thousands of member institutions primarily consisting of large financial services firms. The FS-ISAC model allows members to share threat, vulnerability, and incident information anonymously to protect the sector as a whole. It also developed best practices for mitigating system risks, as well as the development and testing of crisis management procedures. Access to big data whether it is personal information collected from the consumer or information about their transaction histories collected from third parties is crucial for the provision of financial services and the security of consumers. Perhaps more than any sector, the financial services industry has had to balance these important interests against the risks of minimizing consumer privacy. We believe that the existing legal framework governing the financial services sector, including data best practices adopted by the industry, accomplish just that through various mandatory notice obligations and security standards. We would be happy to provide the Office with any additional information as it proceeds with its work of framing the main questions and policy concerns surrounding big data. Thank you for the opportunity to respond to the RFI. If you have any questions, please feel free to contact me at (202) Respectfully submitted, Richard Foster Vice President & Senior Counsel for Regulatory and Legal Affairs Financial Services Roundtable 9 See Industry Best Practices, available at https://www.fsisac.com/news/industry_best_practices. 9

Section 10: Fair Credit Reporting Act (FCRA) Policy

Section 10: Fair Credit Reporting Act (FCRA) Policy Section 10: Fair Credit Reporting Act (FCRA) Policy Summary of Regulation The Fair Credit Reporting Act (FCRA) regulates Consumer Reporting Agencies (CRAs), users of consumer reports, and furnishers of

More information

FEDERAL RESERVE SYSTEM

FEDERAL RESERVE SYSTEM FEDERAL RESERVE SYSTEM Request for Information for Study on Prescreened Solicitations or Firm Offers of Credit or Insurance Docket No. OP-1195 AGENCY: Board of Governors of the Federal Reserve System.

More information

Privacy of Consumer Financial Information

Privacy of Consumer Financial Information Background and Overview Introduction Title V, Subtitle A of the Gramm-Leach-Bliley Act ( GLBA ) 1 governs the treatment of nonpublic personal information about consumers by financial institutions. Section

More information

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,

More information

Global Privacy Japan Sets its Rules for Personal Data

Global Privacy Japan Sets its Rules for Personal Data Global Privacy Japan Sets its Rules for Personal Data Global companies must comply with differing privacy rules. The great divide between the EU and the USA is well-known. See Global Privacy Protection

More information

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A W I L L I A M L. K O V A C S S E N I O R V I C E P R E S I D E N T E N V I R O N M E N T, T E C H N O L O G Y & R E G U

More information

IDENTITY THEFT RED FLAGS, ADDRESS DISCREPANCIES, AND CHANGE OF ADDRESS REGULATIONS Examination Procedures

IDENTITY THEFT RED FLAGS, ADDRESS DISCREPANCIES, AND CHANGE OF ADDRESS REGULATIONS Examination Procedures Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-105-2008 October 16, 2008 IDENTITY THEFT RED FLAGS, ADDRESS DISCREPANCIES, AND CHANGE

More information

Fair Credit Reporting Act 1

Fair Credit Reporting Act 1 Fair Credit Reporting Act 1 The Fair Credit Reporting Act (FCRA) 2 became effective on April 25, 1971. The FCRA is a part of a group of acts contained in the Federal Consumer Credit Protection Act 3 such

More information

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy. EFFECTIVE: February 2016 Version 1.2 CHECK 'N GO PRIVACY POLICY This Privacy Policy ("Policy") applies to the use of Check 'n Go (the "Company") online sites and any Company affiliate or subsidiary sites.

More information

Featured Article Federal Red Flag and Related Identity Theft Prevention Rules: Is Your Organization in Compliance?

Featured Article Federal Red Flag and Related Identity Theft Prevention Rules: Is Your Organization in Compliance? Featured Article Federal Red Flag and Related Identity Theft Prevention Rules: Is Your Organization in Compliance? Article contributed by: Nancy L. Perkins, Arnold & Porter LLP As of November 1, 2008,

More information

Re: Big Data: A Tool for Inclusion or Exclusion? Workshop Project No. P145406

Re: Big Data: A Tool for Inclusion or Exclusion? Workshop Project No. P145406 October 30, 2014 Federal Trade Commission Office of the Secretary Room H 113 (Annex X) 600 Pennsylvania Avenue NW Washington, DC 20580 Re: Big Data: A Tool for Inclusion or Exclusion? Workshop Project

More information

Fair Credit Reporting

Fair Credit Reporting Fair Credit Reporting Background The Fair Credit Reporting Act (FCRA) deals with the rights of consumers in relation to their credit reports and the obligations of credit reporting agencies and the businesses

More information

Regulation P Privacy of Consumer Financial Information

Regulation P Privacy of Consumer Financial Information Regulation P Privacy of Consumer Financial Information BACKGROUND AND OVERVIEW Title V, Subtitle A of the Gramm-Leach-Bliley Act ( GLBA ) governs the treatment of nonpublic personal information about consumers

More information

CFPB Consumer Laws and Regulations

CFPB Consumer Laws and Regulations Fair Credit Reporting Act Background and Summary The Fair Credit Reporting Act () 1 became effective on April 25, 1971. The is a part of a group of acts contained in the Federal Consumer Credit Protection

More information

VIII 6.1. VIII. Privacy Fair Credit Reporting Act. Fair Credit Reporting Act. Structure and Overview of Examination Modules.

VIII 6.1. VIII. Privacy Fair Credit Reporting Act. Fair Credit Reporting Act. Structure and Overview of Examination Modules. Fair Credit Reporting Act Introduction The Fair Credit Reporting Act (FCRA) (15 USC 1681-1681u) became effective on April 25, 1971. The FCRA is a part of a group of acts contained in the Federal Consumer

More information

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework

More information

January 28, 2011. Re: Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework Comment, Docket No.

January 28, 2011. Re: Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework Comment, Docket No. 475 Anton Boulevard Costa Mesa, CA 92626 www.experian.com January 28, 2011 Via Email: privacynoi2010@ntia.doc.gov National Telecommunications and Information Administration U.S. Department of Commerce

More information

THE COMMONWEALTH OF MASSACHUSETTS. Division of Insurance. Arbella Indemnity Insurance Company, Inc.

THE COMMONWEALTH OF MASSACHUSETTS. Division of Insurance. Arbella Indemnity Insurance Company, Inc. THE COMMONWEALTH OF MASSACHUSETTS OFFICE OF CONSUMER AFFAIRS AND BUSINESS REGULATION Division of Insurance Report on the Comprehensive Market Conduct Examination of Arbella Indemnity Insurance Company,

More information

2003 Changes to the Fair Credit Reporting Act: Important Steps Forward at a High Cost

2003 Changes to the Fair Credit Reporting Act: Important Steps Forward at a High Cost 2003 Changes to the Fair Credit Reporting Act: Important Steps Forward at a High Cost With passage of HR 2622, the Fair and Accurate Credit Transactions Act, Congress significantly amended the Fair Credit

More information

YEAR END ISSUANCES BY FEDERAL REGULATORS ADDRESS A MULTITUDE OF PRIVACY ISSUES Jane Hils Shea January 23, 2008

YEAR END ISSUANCES BY FEDERAL REGULATORS ADDRESS A MULTITUDE OF PRIVACY ISSUES Jane Hils Shea January 23, 2008 YEAR END ISSUANCES BY FEDERAL REGULATORS ADDRESS A MULTITUDE OF PRIVACY ISSUES Jane Hils Shea January 23, 2008 The final weeks of 2007 saw a flurry of regulatory activity by the federal banking regulatory

More information

FEDERAL RESERVE SYSTEM. 12 CFR Part 202. [Regulation B; Docket No. R-1008] Equal Credit Opportunity

FEDERAL RESERVE SYSTEM. 12 CFR Part 202. [Regulation B; Docket No. R-1008] Equal Credit Opportunity FEDERAL RESERVE SYSTEM 12 CFR Part 202 [Regulation B; Docket No. R-1008] Equal Credit Opportunity AGENCY: Board of Governors of the Federal Reserve System. ACTION: Advance notice of proposed rulemaking.

More information

September 30, 2015. Marketplace Lending RFI U.S. Department of the Treasury 1500 Pennsylvania Ave NW., Room 1325 Washington, DC 20220

September 30, 2015. Marketplace Lending RFI U.S. Department of the Treasury 1500 Pennsylvania Ave NW., Room 1325 Washington, DC 20220 September 30, 2015 Marketplace Lending RFI U.S. Department of the Treasury 1500 Pennsylvania Ave NW., Room 1325 Washington, DC 20220 Dear Sir or Madam, The American Bankers Association (ABA) 1 and the

More information

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009 Pacific University Policy Governing Identity Theft Prevention Program Red Flag Guidelines Approved June 10, 2009 Program adoption Pacific University developed this identity Theft Prevention Program ( Program

More information

CFTC and SEC Jointly Propose Identity Theft Rules

CFTC and SEC Jointly Propose Identity Theft Rules CLIENT MEMORANDUM March 7, 2012 CFTC and SEC Jointly Propose Identity Theft Rules Contents Identity Theft Prevention Program...1 Entities Required to Comply...1 Financial Institutions and Creditors...

More information

Cybersecurity Issues for Community Banks

Cybersecurity Issues for Community Banks Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street

More information

The New Federal F i n a n c i a l Privacy Law. A Comprehensive Approach That Should be Given Time to Wo r k

The New Federal F i n a n c i a l Privacy Law. A Comprehensive Approach That Should be Given Time to Wo r k The New Federal F i n a n c i a l Privacy Law A Comprehensive Approach That Should be Given Time to Wo r k This booklet provides an overview of the comprehensive new federal financial privacy law that

More information

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF ARIZONA

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF ARIZONA David W. Lincicum (California Bar No. 223566) Burke W. Kappler (D.C. Bar No. 471936) Federal Trade Commission 600 Pennsylvania Avenue, N.W. Mail Stop NJ-8122 Washington, D.C. 20580 dlincicum@ftc.gov bkappler@ftc.gov

More information

1. Entities and Accounts Covered by the New Rules. 1.1. Covered Entities

1. Entities and Accounts Covered by the New Rules. 1.1. Covered Entities CLIENT MEMORANDUM RED FLAG IDENTITY THEFT RULES MAY HAVE YOU SEEING RED: FTC EXTENDS COMPLIANCE DEADLINE BECAUSE MANY COMPANIES DID NOT KNOW THAT THESE RULES APPLY TO THEM When companies outside the financial

More information

UNIVERSITY OF CALIFORNIA, MERCED Red Flag and Security Incident Reporting Policy

UNIVERSITY OF CALIFORNIA, MERCED Red Flag and Security Incident Reporting Policy UNIVERSITY OF CALIFORNIA, MERCED Red Flag and Security Incident Reporting Policy RESPONSIBLE OFFICIAL : Executive Vice Chancellor/Provost RESPONSIBLE OFFICIAL : Business & Financial Services EFFECTIVE

More information

Fair and Accurate Credit Transactions Act of 2003

Fair and Accurate Credit Transactions Act of 2003 Overview of FCRA Legislation Fair and Accurate Credit Transactions Act of 2003 1-800-BANKERS www.aba.com 1120 Connecticut Avenue, NW Washington, DC 20036 1-800-BANKERS www.aba.com World-Class Solutions,

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

OCC ADVISORY LETTER AL 2004 11. Electronic Consumer Disclosures and Notices

OCC ADVISORY LETTER AL 2004 11. Electronic Consumer Disclosures and Notices AL 2004 11 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Electronic Consumer Disclosures and Notices TO: Chief Executive Officers of All National Banks, Federal

More information

Identity Theft Prevention Program

Identity Theft Prevention Program -- Sample Policy -- Identity Theft Prevention Program Purpose To establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection with the opening of

More information

Privacy Legislation and Industry Security Standards

Privacy Legislation and Industry Security Standards Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,

More information

FACTA Identity Theft Red Flags Program. www.chs.acfei.com

FACTA Identity Theft Red Flags Program. www.chs.acfei.com 1 FACTA Identity Theft Red Flags Program Module 1 Fair and Accurate Credit Transactions Act Overview Identity thieves use individual s personal identifiable information to open new accounts and misuse

More information

BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade

BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade Commission, Bureau of Consumer Protection Allison M. Lefrak, Attorney,

More information

David Coble Internal Control Officer

David Coble Internal Control Officer WESTERN WASHINGTON UNIVERSITY S RED FLAGS IDENTITY THEFT PREVENTION PROGRAM IMPLEMENTING SECTIONS 114 AND 315 OF THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003 David Coble Internal Control Officer

More information

Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance

Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance National Bar Association - Commercial Law Section 2015 Corporate Counsel Conference February 26, 2015 www.alston.com

More information

Fair Credit Reporting

Fair Credit Reporting Fair Credit Reporting Background The Fair Credit Reporting Act (FCRA) deals with the rights of consumers in relation to their credit reports and the obligations of credit reporting agencies and the businesses

More information

Summary. Background and Justification

Summary. Background and Justification Supporting Statement for the Recordkeeping and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information (FR 4100; OMB No. 7100-0309) Summary

More information

Before the FEDERAL TRADE COMMISSION Washington, DC 20580. In re Maricopa Community College District

Before the FEDERAL TRADE COMMISSION Washington, DC 20580. In re Maricopa Community College District Before the FEDERAL TRADE COMMISSION Washington, DC 20580 In the Matter of ) ) Maricopa County Community College District ) ) ) Complaint, Request for Investigation, Injunction, and Other Relief Submitted

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

TO: Chief Executive Officers and Compliance Officers of all National Banks, Department and Division Heads, and all Examining Personnel

TO: Chief Executive Officers and Compliance Officers of all National Banks, Department and Division Heads, and all Examining Personnel AL 99-3 Subject: Fair Credit Reporting Act Date: March 29, 1999 Purpose: TO: Chief Executive Officers Compliance Officers of all National Banks, Department Division Heads, all Examining Personnel SUMMARY

More information

Government Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution

Government Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution Government Focus on Cybersecurity Elevates Data Breach Legislation by Experian Government Relations and Experian Data Breach Resolution Will Congress pass data breach legislation in 2015/2016? Recent high-profile

More information

October 26, 2009. Re: Telemarketing Sales Rule Debt Relief Amendments, R411001. Ladies and Gentlemen:

October 26, 2009. Re: Telemarketing Sales Rule Debt Relief Amendments, R411001. Ladies and Gentlemen: 1120 Connecticut Avenue, NW Washington, DC 20036 1-800-BANKERS www.aba.com World-Class Solutions, Leadership & Advocacy Since 1875 By electronic delivery to: October 26, 2009 Virginia E. O'Neill Senior

More information

Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies

Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies The staff of the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), National

More information

R-1407, RIN 7100-AD66

R-1407, RIN 7100-AD66 CHASE Miriam Frieden Associate General Counsel, Senior Vice President Chase Card Services April 14, 2011 By Electronic Mail Jennifer J. Johnson, Secretary Board of Governors of the Federal Reserve System

More information

Federal Trade Commission Privacy Impact Assessment

Federal Trade Commission Privacy Impact Assessment Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal

More information

America s New Cybersecurity Framework: Help or New Source of Exposure?

America s New Cybersecurity Framework: Help or New Source of Exposure? America s New Cybersecurity Framework: Help or New Source of Exposure? BY BEHNAM DAYANIM, RYAN NIER & ELIZABETH DORSI March 2014 Data theft is on the rise, and the federal government is concerned. In 2013

More information

NCUA LETTER TO CREDIT UNIONS

NCUA LETTER TO CREDIT UNIONS NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA DATE: September 2001 LETTER NO.: 01-CU-09 TO: SUBJ: Federally Insured Credit Unions Identity Theft and

More information

White Paper. The Data Matching Game: Enabling Customer Data Integration and Protecting Consumer Privacy. October 2008

White Paper. The Data Matching Game: Enabling Customer Data Integration and Protecting Consumer Privacy. October 2008 > White Paper The Data Matching Game: Enabling Customer Data Integration and Protecting Consumer Privacy October 2008 Table of Contents Introduction..............................................1 What

More information

Privacy Impact Assessment

Privacy Impact Assessment DECEMBER 20, 2013 Privacy Impact Assessment MARKET ANALYSIS OF ADMINISTRATIVE DATA UNDER RESEARCH AUTHORITIES Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552

More information

M&T BANK CANADIAN PRIVACY POLICY

M&T BANK CANADIAN PRIVACY POLICY M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (

More information

FAIR CREDIT REPORTING ACT (FCRA)

FAIR CREDIT REPORTING ACT (FCRA) FAIR CREDIT REPORTING ACT (FCRA) EXAMINATION PROCEDURES Examination Objectives (These reflect FFIEC-approved procedures.) To determine the credit union s compliance with the Fair Credit Reporting Act (FCRA)

More information

FAIR CREDIT REPORTING ACT (FCRA) OVERVIEW

FAIR CREDIT REPORTING ACT (FCRA) OVERVIEW FAIR CREDIT REPORTING ACT (FCRA) OVERVIEW The Fair Credit Reporting Act (FCRA) became effective on April 25, 1971. The FCRA is a part of a group of acts contained in the Federal Consumer Credit Protection

More information

An Overview of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 Final Rules

An Overview of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 Final Rules An Overview of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 Final Rules By: Andrea J. Shaw, Esq., Compliance Officer, Gorham Savings

More information

Credit Repair Organizations Act

Credit Repair Organizations Act Credit Repair Organizations Act Title IV of the Consumer Credit Protection Act (Public Law 90-321, 82 Stat. 164) is amended to read as follows: TITLE IV--CREDIT REPAIR ORGANIZATIONS'' Sec. 401. Short title.

More information

Responding to New Identity Theft Laws

Responding to New Identity Theft Laws Responding to New Identity Theft Laws March 2011 Privacy Expectations Today, there is increasing recognition that an individual has a legitimate interest in controlling the collection, use and disclosure/dissemination

More information

Risk Management Examiners

Risk Management Examiners Risk Management Examiners Introduction to Red Flags Examination Procedures Section 615(e) requires the federal banking agencies and the NCUA (the Agencies) as well as the FTC to prescribe regulations and

More information

The FACT Act: An Overview of the Final Rulemaking on Identity Theft Red Flags and Address Discrepancies

The FACT Act: An Overview of the Final Rulemaking on Identity Theft Red Flags and Address Discrepancies The FACT Act: An Overview of the Final Rulemaking on Identity Theft Red Flags and Address Discrepancies A Web and Telephone Seminar Tuesday, June 17, 2008 2:00 pm 3:30 pm Eastern 1:00 pm 2:30 pm Central

More information

Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development

Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development RECOMMENDATION OF THE OECD COUNCIL CONCERNING GUIDELINES FOR CONSUMER PROTECTION IN THE

More information

CHAPTER 2--CREDIT REPAIR ORGANIZATIONS SEC. 2451. REGULATION OF CREDIT REPAIR ORGANIZATIONS.

CHAPTER 2--CREDIT REPAIR ORGANIZATIONS SEC. 2451. REGULATION OF CREDIT REPAIR ORGANIZATIONS. CODES COMPLAINTS EMPLOYEE CERTIFICATION FEDERAL LAWS NACSO GUIDELINES LOG OUT CHAPTER 2--CREDIT REPAIR ORGANIZATIONS SEC. 2451. REGULATION OF CREDIT REPAIR ORGANIZATIONS. Title IV of the Consumer Credit

More information

Before the NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION, U.S. DEPARTMENT OF COMMERCE Washington, DC 20230

Before the NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION, U.S. DEPARTMENT OF COMMERCE Washington, DC 20230 Before the NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION, U.S. DEPARTMENT OF COMMERCE Washington, DC 20230 COMMENTS of the DIRECT MARKETING ASSOCIATION, INC. on the Multistakeholder Process

More information

Number of Pages: 5 Number of Forms: 0 Saved As: X:/Policies & Procedures/13. JCAHO STD s (if applicable): N/A

Number of Pages: 5 Number of Forms: 0 Saved As: X:/Policies & Procedures/13. JCAHO STD s (if applicable): N/A 15.05 Identity Theft Prevention Program Policy: Identity Theft Prevention Program Effective Date: Manual: RFHC Clinical Policies and Procedures Revision Date: Number of Pages: 5 Number of Forms: 0 Saved

More information

Authorization. First Middle ( none) Last. current from Mo/Yr to Mo/Yr Street City, State & Zip. from Mo/Yr to Mo/Yr Street City, State & Zip

Authorization. First Middle ( none) Last. current from Mo/Yr to Mo/Yr Street City, State & Zip. from Mo/Yr to Mo/Yr Street City, State & Zip Authorization Authorization: By signing below, you authorize: (a) General Information Services, Inc. ( GIS ) to request information about you from any public or private information source; (b) anyone to

More information

Policies and Procedures: IDENTITY THEFT PREVENTION

Policies and Procedures: IDENTITY THEFT PREVENTION Policies and Procedures: IDENTITY THEFT PREVENTION Section: Chapter: Policy: Compliance Administration Identity Theft Prevention I. PURPOSE The purpose of this policy is to protect patients and West Virginia

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

Adverse Action Guide for Employers

Adverse Action Guide for Employers The right employment screening partner This information presented here is not legal advice and is presented for general education purposes ONLY. BackTrack recommends that you consult with legal counsel

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Complying with the GLBA Privacy and Safeguards Rules. By Robert J. Scott and Adam W. Vanek

Complying with the GLBA Privacy and Safeguards Rules. By Robert J. Scott and Adam W. Vanek Complying with the GLBA Privacy and Safeguards Rules By Robert J. Scott and Adam W. Vanek Complying with the GLBA Privacy and Safeguards Rules By Robert J. Scott and Adam W. Vanek It is the policy of Congress

More information

Consumer Federation of America Best Practices for Identity Theft Services. Version 2.0. November 17, 2015

Consumer Federation of America Best Practices for Identity Theft Services. Version 2.0. November 17, 2015 Consumer Federation of America Best Practices for Identity Theft Services Version 2.0 November 17, 2015 Consumer Federation of America Best Practices for Identity Theft Services Table of Contents Introduction

More information

Consumer and Community Affairs. Consumer Protection

Consumer and Community Affairs. Consumer Protection Consumer and Community Affairs The number of federal laws intended to protect consumers in credit and other financial transactions has been growing since the late 1960s. Congress has assigned to the Federal

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

Oklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention

Oklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention

More information

WHAT DOES HARLEY-DAVIDSON FINANCIAL SERVICES, INC. DO WITH YOUR PERSONAL INFORMATION?

WHAT DOES HARLEY-DAVIDSON FINANCIAL SERVICES, INC. DO WITH YOUR PERSONAL INFORMATION? FACTS WHAT DOES HARLEY-DAVIDSON FINANCIAL SERVICES, INC. DO WITH YOUR PERSONAL INFORMATION? Why? What? Financial companies choose how they share your personal information. Federal law gives consumers the

More information

HOW TO COMPLY WITH THE GRAMM-LEACH-BLILEY ACT

HOW TO COMPLY WITH THE GRAMM-LEACH-BLILEY ACT HOW TO COMPLY WITH THE GRAMM-LEACH-BLILEY ACT The information contained herein has been provided by Keith E. Whann and Deanna L. Stockamp of the law firm Whann & Associates and is for general information

More information

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper Spotting ID Theft Red Flags A Guide for FACTA Compliance An IDology, Inc. Whitepaper With a November 1 st deadline looming for financial companies and creditors to comply with Sections 114 and 315 of the

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

FAIR CREDIT REPORTING ACT: GENERAL DISCLOSURE AND AUTHORIZATION STATEMENT PLEASE READ CAREFULLY BEFORE SIGNING BELOW

FAIR CREDIT REPORTING ACT: GENERAL DISCLOSURE AND AUTHORIZATION STATEMENT PLEASE READ CAREFULLY BEFORE SIGNING BELOW FAIR CREDIT REPORTING ACT: GENERAL DISCLOSURE AND AUTHORIZATION STATEMENT TO: ALL APPLICANTS FOR EMPLOYMENT PLEASE READ CAREFULLY BEFORE SIGNING BELOW In processing my application for employment, I understand

More information

Red Flags Rule Identity Theft Prevention Program Master Policy

Red Flags Rule Identity Theft Prevention Program Master Policy Red Flags Rule Identity Theft Prevention Program Master Policy DOCUMENTS A master policy setting up the framework for developing, implementing, updating and administering a written identity theft prevention

More information

E-ALERT Privacy & Data Security

E-ALERT Privacy & Data Security E-ALERT Privacy & Data Security September 30, 2013 OVERVIEW OF RECENT CALIFORNIA PRIVACY ENACTMENTS & IMPACT The California legislature recently has passed four privacy-related bills. The following provides

More information

GAO FINANCIAL PRIVACY. Status of State Actions on Gramm-Leach- Bliley Act s Privacy Provisions

GAO FINANCIAL PRIVACY. Status of State Actions on Gramm-Leach- Bliley Act s Privacy Provisions GAO United States General Accounting Office Report to the Ranking Minority Member, Committee on Energy and Commerce, House of Representatives April 2002 FINANCIAL PRIVACY Status of State Actions on Gramm-Leach-

More information

Identity Theft Red Flags & Address Discrepancies under the FACT Act of 2003. Summary of Final Rule

Identity Theft Red Flags & Address Discrepancies under the FACT Act of 2003. Summary of Final Rule Identity Theft Red Flags & Address Discrepancies under the FACT Act of 2003 Summary of Final Rule On November 9, 2007, the Office of the Comptroller of the Currency ( OCC ), Federal Reserve Board ( Board

More information

YOUR DUTIES UNDER THE FAIR CREDIT REPORTING ACT

YOUR DUTIES UNDER THE FAIR CREDIT REPORTING ACT YOUR DUTIES UNDER THE FAIR CREDIT REPORTING ACT The Staff of the Consumer Financial Protection Bureau (CFPB) has prepared the following required notices in compliance with the Fair Credit Reporting Act

More information

REINVESTIGATION REQUEST

REINVESTIGATION REQUEST REINVESTIGATION REQUEST Section A: Consumer Information Please complete all fields except as noted. Full Name: First: Middle: Last: (Check one if applicable): Jr. Sr. Date of Birth: Social Security Number:

More information

California State University, Chico. Identity Theft Prevention Red Flags Program

California State University, Chico. Identity Theft Prevention Red Flags Program Identity Theft Prevention Red Flags Program Version 1.0 November 16, 2010 REVIEW/APPROVAL HISTORY Document Title: Author: Brooke F. Banks, Information Security Officer Date By Action Pages 10/30/2009 Bill

More information

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A W I L L I A M L. K O V A C S S E N I O R V I C E P R E S I D E N T E N V I R O N M E N T, T E C H N O L O G Y & R E G U

More information

FTC IDENTITY THEFT RED FLAGS RULE PROGRAM MANUAL. A How-To Guide for Your Medical Practice. provided by

FTC IDENTITY THEFT RED FLAGS RULE PROGRAM MANUAL. A How-To Guide for Your Medical Practice. provided by FTC IDENTITY THEFT RED FLAGS RULE PROGRAM MANUAL A How-To Guide for Your Medical Practice provided by the American College of Obstetricians and Gynecologists This manual has been prepared to provide the

More information

The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services

The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes

More information

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Policy Implications: Privacy, Security and Liability Big Data in Telecom June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Who We Are Leading trade association in support of information and communications

More information

IBN Financial Services, Inc. Identity Theft Prevention Program(ITPP) under the FTCFACTActRedFlagsRule

IBN Financial Services, Inc. Identity Theft Prevention Program(ITPP) under the FTCFACTActRedFlagsRule IBN Financial Services, Inc. Identity Theft Prevention Program(ITPP) under the FTCFACTActRedFlagsRule I. Firm Policy Our firm s policy is to protect our customers and their accounts from identity theft

More information

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement SEC ENFORCEMENT The SEC s Two Primary Theories in Cybersecurity Enforcement Actions By Daniel F. Schubert, Jonathan G. Cedarbaum and Leah Schloss WilmerHale Cyber attacks are increasingly common and affect

More information

2/9/2012. The Third International Conference on Technical and Legal Aspects of the e-society CYBERLAWS 2012

2/9/2012. The Third International Conference on Technical and Legal Aspects of the e-society CYBERLAWS 2012 The Third International Conference on Technical and Legal Aspects of the e-society CYBERLAWS 2012 Legal Issues Involved in Creating Security Compliance Plans W. David Snead Attorney + Counselor Washington,

More information

McLennan Community College

McLennan Community College McLennan Community College POLICIES AND PROCEDURES Subject: Identity Theft Prevention Program Reference: E-XXVIII-f Source: Board of Trustees Eff. Date: November 27, 2012 Approval Auth: Board of Trustees

More information

WEBLINKING: IDENTIFYING RISKS AND RISK MANAGEMENT TECHNIQUES

WEBLINKING: IDENTIFYING RISKS AND RISK MANAGEMENT TECHNIQUES Federal Deposit Insurance Corporation National Credit Union Administration Office of Thrift Supervision Office of the Comptroller of the Currency April 23, 2003 WEBLINKING: IDENTIFYING RISKS AND RISK MANAGEMENT

More information

CSR Breach Reporting Service Frequently Asked Questions

CSR Breach Reporting Service Frequently Asked Questions CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could

More information

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,

More information