Not too long ago I posted a story about how the Federal Trade Commission has been going after companies with lax security around private information. Well, apparently the FTC has gotten even more serious.
On October 31st the FTC issued the final rules on what organizations must do to prevent identity theft. The full 256-page document can be found here. Part of the document reads "The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts." In my opinion, companies that already have a robust security environment shouldn't have too far to go to comply with the FTC's requirements, expecially those that are PCI-compliant. However, for those that are resisting the PCI mandates, this should be a wake-up call.
No related articles.
