Privacy Reviews & Identity Theft Prevention Program

From Main Street to Wall Street, Americans are talking about identity theft. At FDC Associates, we're in the fight to help you do something about it.

"Although there is no single comprehensive federal data security law, a number of federal laws, regulations and guidelines relate to and protect consumer information. Each of these laws and regulations provides specific remedies that can be sought by the agencies with enforcement authority." - The President's Identity Theft Task Force, Combating Identity Theft, A Strategic Plan, April 2007.

We in industry, especially finance and banking, face the burden of complying with multiple regulations. At FDC Associates we have automated tools, off-the-shelf policy documents and audit techniques that can make quick work of your compliance burden. For each of the privacy "silos" listed below, FDC Associates has a tried and true solution that will quickly and accurately help your firm achieve compliance with these concerns.

The Gramm-Leach-Bliley Privacy Act (GLB Act) defines non public information (NPI) as the combination of a person's name, SSN, Bank Account routing and account number. The Act restricts the disclosure of this information to third parties, and requires that specific actions are taken by banks and financial institutions to protect this information.

As of November 1, 2008, each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, must develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts, and "Red Flag" incidents that may lead to identity theft.

What about non-banks and financial institutions? The Federal Trade Commission and others have seen to that exposure. The FTC's Safeguards Rule applies to a wide variety of "financial institutions" that are not subject to the jurisdiction of other federal or state authorities under the GLB Act. Among the institutions that fall under the Safeguards Rule are non-bank mortgage lenders, loan brokers, some state-regulated financial or investment advisers, tax preparers, providers of real estate settlement services and debt collectors. The FTC's regulation applies only to companies that are "significantly engaged" in such financial activities. The requirements are much the same as stipulated under the GLB Act.

California has specific requirements for Social Security Number retention and notification requirements for anyone whose information is in a database that has suffered a security breach.

The Payment Card Industry (PCI) has specific procedures and an audit schedule that must be followed by any firm that stores credit card numbers and related identity information, and enforces these requirements with stiff monetary fines.

And there is more - HIPAA requirements for the protection of medical information and related SSN' The Family Educational Rights and Privacy Act that protects the privacy of each student's educational records' The Drivers Privacy Protection Act that protects a driver's personal information. You can see how difficult it can be to comply with this ever increasing thicket of regulation.

We can help you meet or exceed any of privacy requirements that apply to your organization, and do so in a cost-effective manner. For more information on how FDC Associates can provide IT Audit and Governance Solutions for Privacy Reviews and Identity Theft Prevention, complete an Information Request or Contact Us.