Group items tagged

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the "Red Flags" Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. Today's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance. "Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule - and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift," FTC Chairman Jon Leibowitz said. "As an agency we're charged with enforcing the law, and endless extensions delay enforcement." The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring "creditors" and "financial institutions" to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have "covered accounts" to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities - known as "red flags" - that could indicate identity theft. The Rule became effective on January 1, 2008, with full compliance for all covered entities originally required by November 1, 2008. The Commission has issued several Enforcement Policies delaying enforcement of the Rule. Most recently, the Commission announced in October 2009 that at the request of certain Members of Congress, it was delaying enforcement of the Rule until June 1, 2010, to allow Congress time to finalize leg

In today's economic climate, many organizations outsource parts of their business to take advantage of cost savings and solution-expertise. However, as vendor relationships increase, it becomes more difficult to manage them. The risks assumed by outsourcing can be significant without a vendor management program. According to the Ponemon Institute Study - 2009 Security Mega Trends, an average of 50.5% of organizations who outsourced sensitive and confidential data to third parties experienced a security incident or data breach as a result of outsourcing. In this 1-hour live webcast, Michael Rasmussen, President at Corporate Integrity, will share his insights on the importance of vendor management, as well as his recommendations of best practices for defining and executing an effective strategy. Chris Noell, EVP of Product management of TruArx, will then provide a brief overview of how GRC tools such as TruComply can automate key vendor management activities and enable these best practices. In this session, you will learn about: *The importance of vendor management and how it applies to your business *Best practices for defining and executing an effective vendor management strategy *How you can quickly and cost-effectively establish a mature vendor management program