US NEW LAWS NEEDED TO PROTECT DATATechnology News: Security: Online Privacy Regulations Forcing Better Handling of Data: "Online Privacy Regulations Forcing Better Handling of Data

By Jack M. Germain
TechNewsWorld
07/16/05 1:30 AM PT
In essence, computerized banking transactions and Internet commerce practices have put new twists on old identity theft methods used by criminals. Federal guidelines are just now starting to focus on electronic processes that did not exist when other federal regulations were first designed.

More than 2 billion people around the world own or use mobile phones. And increasingly, people are using their mobile phones for multimedia -- not just for communication, but also for entertainment, news, and information services. Click here to find out more about Nokia's developments with Mobile TV!
New electronic privacy laws are forcing businesses to rethink how they handle their digital data. The retail industry is now regulated by new privacy laws aimed at reducing the growth of identity theft and consumer fraud.
Congress passed The Fair and Accurate Credit Transactions Act, known as FACTA, in 2003. This law, which amended the Fair Credit Reporting Act (FCRA), calls for the proper disposal of information in consumer reports and financial records to protect consumers from unauthorized access to or use of the information. The initial regulations took hold in December of 2004."

The final round of FACTA regulations kicked in last month. Known as the Disposal Rule, this federal regulation requires businesses and individuals to ensure proper disposal of sensitive information from consumer reports. It subjects any business or individual who uses a consumer report for a business purpose to comply with stringent safeguards.


Security Issues Multiply
FACTA and the Disposal Rule are extensive regulations that have key implications for business. The combination of these two federal security standards for consumer privacy is the first major attempt by Congress to deal with identity theft, according to industry watchers. These policies include requirements that companies destroy electronic files or media containing consumer report information so that the information cannot be read or reconstructed.

One of the pressing issues Congress faces, said Barry Benjamin, an attorney with Pitney Hardin in New York, is that old technical problems reappear in new ways. Barry counsels clients on the development of data collection, as well as e-mail and privacy policies.

In essence, computerized banking transactions and Internet commerce practices have put new twists on old identity theft methods used by criminals. Federal guidelines are just now starting to focus on electronic processes that did not exist when other federal regulations were first designed.

"Consumer information breached via computer is dumpster diving in a new form," Benjamin told TechNewsWorld.

This dumpster diving effect, or criminals rummaging through discarded paperwork to find identity information, is compounded by the number of companies involved in handling computer records today.

"Companies really need craddle-to-grave procedures for data handling. This is a huge boon to the shredding machine concept," Benjamin said.

The size of major corporations and the amount of outsourcing they do contributes to the consumer information management problems. Benjamin said this creates a rippling effect of spreading customer data.

Filling a Void
Taken together, these issues pose a dilemma. How does the government get all these companies to comply with new consumer protection laws?

"Do the big corporations have to ensure third party companies are complying? Do they have to train them? This is a major problem for corporations now," Benjamin said.

Until now federal laws did not directly address the problems surrounding consumer notification when personal information was obtained from stolen computer records. Without clear federal guidelines, some states are passing laws that require companies to notify consumers in those states when computer records regarding them have been breached.

continued at link..........