Resources Links

Federal Trade Commission

The FTC is the Federal agency charged with helping to stop Identity Theft. They have a wealth of information available for free. They have information for businesses and consumers. Their information is designed to be readily available and easy to use.

http://www.ftc.gov/

FTC Identity Theft Homepage

This is the home page for FTC information regarding Identity Theft. If you are not sure what you want to see, this is a great starting point.

http://www.ftc.gov/bcp/edu/microsites/idtheft/

Red Flags Rule Guide

This FTC description of the Red Flags Rule includes general guidance on how to meet the requirements of the Rule. This resource is a good guide to understanding the Rule, but making your program more than just a compliance requirement takes more than this guidance.

http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.shtm

Taking Charge

This is the definitive guide for how to recover from Identity Theft. In particular, there are some interesting facts inside that may make it clear exactly how severe the problem of Identity Theft can be.

http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm

Protecting Personal Privacy: A guide for Business

This guide for business is a great start for understanding what you have to do to protect your organization. While this guide was not the basis for Accurate Data Partner’s products and services, our services will help you meet almost all of these requirements.

http://www.ftc.gov/infosecurity/

On Guard On Line

This site is geared to help raise the awareness of young people on the issues of privacy, data protection and identity theft. It is geared toward activities online and includes games and other interactive tools that make it more interesting.

http://www.onguardonline.gov/

Privacy and Data Protection

This page shows how the FTC seeks out and prosecutes companies that violate Federal law or fail to provide proper protections for customer privacy.

http://www.ftc.gov/privacy/

National Institute For Standards and Technology

Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

While NIST is charged with providing standards and guidance to the Federal government, this guide can serve as a valuable tool for any organization seeking to prioritize the use of security dollars regarding protecting PII.

http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf

State Laws

Almost every state has Breach Notification laws in place. Each state is different. This page links to each state's law. Be sure to go through the ones that are applicable to your business.

http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBreachNotificationLaws/tabid/13489/Default.aspx

Law Overview

This resource lists and describes the Federal statutes that pertain directly to Identity Theft, along with other potentially useful articles and resources.

http://www.llrx.com/features/idtheftguide.htm

Fair and Accurate Credit Transaction Act (FACTA)

This revision to the Fair Credit Reporting Act includes the mandate to create the Red Flags Rule as well as penalties for failure to properly dispose of sensitive data. These changes apply to almost every employer.

http://www.privacyrights.org/fs/fs6a-facta.htm

Fair Credit Reporting Act (FCRA)

The omnibus law regarding privacy in the United States, FCRA is the basis for how almost all businesses manage privacy.

http://www.ftc.gov/os/statutes/031224fcra.pdf

Red Flags Rule

Developed by the Federal Trade Commission and other financial regulatory agencies, the Red Flags Rule is intended to help organizations prevent fraud and protect themselves and their customers. It applies to almost every organization, but serves as sound guidance even for those organizations that are not required to follow it.

http://www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf

Health Insurance Portability and Administration Act (HIPAA)

The most important pieces of HIPAA are the Privacy and Security Rules. They provide guidance for care and usage of sensitive health data.

http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsimpregtext.pdf

HIPAA Security Rule

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityrulepdf.pdf

HIPAA Privacy Rule

http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsimpregtext.pdf

HITECH Act

This law expanded the applicability of HIPAA to include Business Associates. It is also the first Federal Breach Notification Law, covering Sensitive Health Information.

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/federalregisterbreachrfi.pdf