Measures that would protect consumers from identity theft have been delayed, because many businesses are not compliant yet with federal regulations. Fortunately, there are solutions to help them protect your privacy.
In 2007, the United States Federal Trade Commission issued its final rules on identity theft “red flags” and address discrepancies. Fast forward to today, and the implementation of those rules has been delayed for a second time until August 1st.
The rules are intended to protect consumers from identity threat by governing how businesses that deal with credit handle financial information. Industries affected by the rules include healthcare providers (doctors, hospitals), utilities (gas, electric, telephone, cable TV, etc.), auto (car, motorcycle, RV dealerships), real estate (brokers, lenders), banks and credit unions and more, according to Compliance Coach, a company that sells risk assessment software.
It was an e-mail pitch from Compliance Coach about the delay that inspired me to write this article. The delay has occurred due in part to the fact that many businesses are not yet compliant with the rules or are unaware that they applies to them, the company says. It’s onto something.
A few weeks ago, I had a conversation with Peter Coffee, director of platform research at Salesforce.com. Peter said that it would be okay for me to disclose that a significant portion of IT professionals (not all of who were Salesforce customers), surveyed in third party research that it uses internally, understand that they are not compliant with existing laws and legal rulings that affect IT operations.
He noted in a follow-up e-mail that the research he discussed is not a statement of the legal opinions of the company’s corporate counsel, nor is it a formal statement of the assurances provided by the team that is headed by its chief trust officer.
Salesforce needs to think hard about compliance, because its customers are forced to tackle issues around data when they use its services. The cloud computing model that Salesforce pioneered–where data is hosted by a third party on remote servers–forces companies to build applications that abide by regulations that govern data, such as who can access it, and where it can exist.
Today’s delay is yet another example of how traditional IT has trouble keeping pace with cloud services. It is simply too difficult for many businesses to build the systems that they need to be compliant.
Cloud services can help organizations with limited IT resources meet today’s standards for business processes and data, because cloud providers must meet those considerations as part of their business model. The easier that is for businesses to be compliant, the safer your personal information becomes. Now let’s just hope that the FTC’s new protections go into effect with no further delays.